US-CERT Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Original release date: September 14, 2020

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — fxos A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. 2020-09-04 7.2 CVE-2020-3545
CISCO
cisco — ios_xr A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks. 2020-09-04 7.2 CVE-2020-3473
CISCO
cisco — jabber A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution. 2020-09-04 9 CVE-2020-3495
CISCO
cisco — jabber A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. 2020-09-04 9.3 CVE-2020-3430
CISCO
cisco — rv340w_firmware Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. 2020-09-04 7.7 CVE-2020-3453
CISCO
MISC
concrete5 — concrete5 Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. 2020-09-04 9 CVE-2020-24986
MISC
hyland — onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows XXE attacks for read/write access to arbitrary files. 2020-09-11 7.5 CVE-2020-25257
MISC
ibm — aspera_connect IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. 2020-09-04 9.3 CVE-2020-4545
XF
CONFIRM
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595. 2020-09-11 7.5 CVE-2020-1453
N/A
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595. 2020-09-11 7.5 CVE-2020-1452
N/A
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595. 2020-09-11 7.5 CVE-2020-1200
N/A
nasm — network_assembler In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. 2020-09-04 7.5 CVE-2020-24978
MISC
noise-java_project — noise-java An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. 2020-09-04 7.5 CVE-2020-25021
MISC
FULLDISC
MISC
CONFIRM
noise-java_project — noise-java An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. 2020-09-04 7.5 CVE-2020-25022
MISC
FULLDISC
MISC
CONFIRM
noise-java_project — noise-java An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. 2020-09-04 7.5 CVE-2020-25023
MISC
FULLDISC
MISC
CONFIRM
projectworlds — car_rental_project Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. 2020-09-09 7.5 CVE-2020-24199
MISC
MISC
MISC
qualcomm — apq8009_firmware u’Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-13999
CONFIRM
MISC
qualcomm — apq8009_firmware u’Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-14065
CONFIRM
MISC
qualcomm — apq8009_firmware u’Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-10615
CONFIRM
MISC
qualcomm — apq8009_firmware u’Heap overflow in diag command handler due to lack of check of packet length received from user’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-14074
CONFIRM
MISC
qualcomm — apq8009_firmware u’Possible out of bound access while copying the mask file content into the buffer without checking the buffer size’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9607, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QCS610, QM215, Rennell, SA515M, SA6155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2020-11128
CONFIRM
qualcomm — apq8009_firmware u’Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory corruption and potential information leakage’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-13998
CONFIRM
MISC
qualcomm — apq8009_firmware u’Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corruption and potential information leakage’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-13995
CONFIRM
MISC
qualcomm — apq8009_firmware u’Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-09-08 10 CVE-2019-14052
CONFIRM
MISC
qualcomm — apq8009_firmware u’Out of bounds memory access during memory copy while processing Host command’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5500, QCN5502, QCS404, QCS405, QCS605, SA6155P, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SXR1130 2020-09-08 7.2 CVE-2020-3666
CONFIRM
qualcomm — apq8009_firmware u’SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range which could lead to memory corruption’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6574AU, QCA8081, QCM2150, QCN7605, QCN7606, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-10527
CONFIRM
MISC
qualcomm — apq8009_firmware u’Possible out of bound write while processing association response received from host due to lack of check of IE length’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 10 CVE-2020-11116
CONFIRM
MISC
qualcomm — apq8009_firmware u’Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to memory corruption and potential information leakage’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-13994
CONFIRM
MISC
qualcomm — apq8053_firmware u’Error in UE due to race condition in EPCO handling’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150 2020-09-08 9.3 CVE-2018-13903
CONFIRM
MISC
qualcomm — apq8098_firmware u’Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, Bitra, MDM9205, MDM9650, MSM8998, Nicobar, QCA6390, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-10628
CONFIRM
MISC
qualcomm — apq8098_firmware u’Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCS404, QCS405, QCS605, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 2020-09-08 10 CVE-2020-3667
CONFIRM
qualcomm — apq8098_firmware u’Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 2020-09-08 10 CVE-2020-3669
CONFIRM
qualcomm — bitra_firmware u’Improper access control can lead signed process to guess pid of other processes and access their address space’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-10596
CONFIRM
MISC
qualcomm — bitra_firmware u’User Process can potentially corrupt kernel virtual page by passing a crafted page in API’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-10629
CONFIRM
MISC
qualcomm — bitra_firmware u’Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-13992
CONFIRM
MISC
qualcomm — bitra_firmware u’Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 7.2 CVE-2019-14117
CONFIRM
MISC
qualcomm — ipq5018_firmware u’Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ5018, IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCN7605, QCS404, QCS405, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250 2020-09-08 10 CVE-2020-3675
CONFIRM
qualcomm — ipq6018_firmware u’Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-10562
CONFIRM
MISC
qualcomm — ipq6018_firmware u’Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 2020-09-08 10 CVE-2020-3668
CONFIRM
qualcomm — kamorta_firmware u’Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 7.2 CVE-2019-14089
CONFIRM
MISC
qualcomm — kamorta_firmware u’Possible integer overflow in API due to lack of check on large oid range count in cert extension field’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 2020-09-08 7.2 CVE-2019-14056
CONFIRM
MISC
sap — commerce SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application. 2020-09-09 7.5 CVE-2020-6302
MISC
MISC
xmlsoft — libxml2 GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). 2020-09-04 7.5 CVE-2020-24977
MISC
MLIST


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — experience_manager The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with ‘Author’ privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. 2020-09-10 6 CVE-2020-9732
MISC
adobe — experience_manager An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository. 2020-09-10 5 CVE-2020-9733
MISC
adobe — framemaker Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious FrameMaker file. 2020-09-10 5.8 CVE-2020-9726
MISC
adobe — framemaker Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file. 2020-09-10 6.8 CVE-2020-9725
MISC
adobe — indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. 2020-09-10 6.8 CVE-2020-9731
MISC
adobe — indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. 2020-09-10 6.8 CVE-2020-9727
MISC
adobe — indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. 2020-09-10 6.8 CVE-2020-9728
MISC
adobe — indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. 2020-09-10 6.8 CVE-2020-9729
MISC
adobe — indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. 2020-09-10 6.8 CVE-2020-9730
MISC
apache — activemq Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the “jmxrmi” entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. 2020-09-10 4.3 CVE-2020-13920
MISC
arubanetworks — analytics_and_location_engine A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. 2020-09-04 4 CVE-2020-7119
MISC
cisco — asyncos A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability. 2020-09-04 5 CVE-2020-3546
CISCO
cisco — enterprise_network_function_virtualization_infrastructure A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. 2020-09-04 4 CVE-2020-3365
CISCO
cisco — enterprise_network_function_virtualization_infrastructure A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system. 2020-09-04 5.5 CVE-2020-3478
CISCO
cisco — ios_xr A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges. 2020-09-04 5.6 CVE-2020-3530
CISCO
cisco — jabber A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks. 2020-09-04 4 CVE-2020-3498
CISCO
cisco — rv340w_firmware Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. 2020-09-04 6.5 CVE-2020-3451
CISCO
MISC
cisco — webex_training A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting. 2020-09-04 4 CVE-2020-3542
CISCO
ctrip — apollo apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to the internet (which is not recommended), there are potential security issues, since apollo-adminservice is designed to work in an intranet and doesn’t have access control built in. Malicious hackers may access apollo-adminservice APIs directly to access/edit the application’s configurations. To fix the potential issue without upgrading, do not expose apollo-adminservice to the internet. 2020-09-10 6.8 CVE-2020-15170
MISC
CONFIRM
facebook — hermes A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2020-09-04 6.8 CVE-2020-1911
CONFIRM
CONFIRM
foxitsoftware — phantompdf In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. 2020-09-04 6.8 CVE-2020-12248
MISC
foxitsoftware — phantompdf In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. 2020-09-04 5.8 CVE-2020-11493
MISC
hyland — onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client applications can write arbitrary data to the server logs. 2020-09-11 5 CVE-2020-25250
MISC
hyland — onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for reading files, as demonstrated by the FileName parameter. 2020-09-11 5 CVE-2020-25248
MISC
hyland — onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. 2020-09-11 5 CVE-2020-25247
MISC
ibm — infosphere_metadata_asset_manager IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. 2020-09-04 4 CVE-2020-4632
XF
CONFIRM
laravel — laravel An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. 2020-09-04 4.3 CVE-2020-24940
MISC
laravel — laravel An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. 2020-09-04 4.3 CVE-2020-24941
MISC
mcafee — endpoint_security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. 2020-09-09 4.6 CVE-2020-7319
CONFIRM
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594. 2020-09-11 6.8 CVE-2020-1335
N/A
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1335. 2020-09-11 6.8 CVE-2020-1594
N/A
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1193, CVE-2020-1335, CVE-2020-1594. 2020-09-11 6.8 CVE-2020-1332
N/A
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1332, CVE-2020-1335, CVE-2020-1594. 2020-09-11 6.8 CVE-2020-1193
N/A
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595. 2020-09-11 6.5 CVE-2020-1210
N/A
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575. 2020-09-11 4.3 CVE-2020-1482
N/A
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595. 2020-09-11 6.5 CVE-2020-1576
N/A
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576. 2020-09-11 6.5 CVE-2020-1595
N/A
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575. 2020-09-11 4.3 CVE-2020-1198
N/A
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575. 2020-09-11 4.3 CVE-2020-1345
N/A
octopus — octopus_deploy In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step’s execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output. 2020-09-09 4.3 CVE-2020-24566
MISC
MISC
qualcomm — apq8009 ‘Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 4.6 CVE-2020-3622
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Non-secure memory is touched multiple times during TrustZone’s execution and can lead to privilege escalation or memory corruption’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ8074, Kamorta, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCA8081, QCS404, QCS605, QCS610, QM215, Rennell, SA415M, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-09-08 6.9 CVE-2020-3619
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Information exposure issues while processing IE header due to improper check of beacon IE frame’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 5 CVE-2020-11118
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 5 CVE-2020-11115
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 4.9 CVE-2020-3621
CONFIRM
MISC
qualcomm — apq8009_firmware ‘A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 2020-09-08 4.6 CVE-2020-3624
CONFIRM
MISC
qualcomm — ipq6018_firmware ‘While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 6.9 CVE-2019-14119
CONFIRM
MISC
qualcomm — mdm9607_firmware ‘Potential buffer overflow when accessing npu debugfs node “off”/“log” with large buffer size’ in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, SC8180X, SDX55, SM6150, SM7150, SM8150 2020-09-08 4.6 CVE-2020-3647
CONFIRM
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6352
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6350
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6346
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6332
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6348
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6349
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6344
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6351
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6353
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6354
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6345
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6355
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6356
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6357
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6358
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6359
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6360
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6361
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6343
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6347
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6322
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6333
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6321
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6314
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6327
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6328
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6341
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6330
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6331
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6329
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6342
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6334
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6335
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6336
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6337
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6338
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6339
MISC
MISC
MISC
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-09-09 4.3 CVE-2020-6340
MISC
MISC
MISC
sap — bank_analyzer Banking services from SAP 9.0 (Bank Analyzer), version – 500, and SAP S/4HANA for financial products subledger, version – 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. 2020-09-09 4 CVE-2020-6311
MISC
MISC
sap — businessobjects_business_intelligence_platform SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation, leading to an Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected; only the current user’s browser session is, and it can easily be closed. 2020-09-09 5 CVE-2020-6288
MISC
MISC
sap — fiori_launchpad SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session. 2020-09-09 4.3 CVE-2020-6283
MISC
MISC
sap — netweaver_as_abap_business_server_pages SAP Netweaver AS ABAP (BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim’s browser leading to Reflected Cross Site Scripting. 2020-09-09 4.3 CVE-2020-6324
MISC
MISC
sap — netweaver_knowledge_management SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. 2020-09-09 4 CVE-2020-6313
MISC
MISC
ucms_project — ucms An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. 2020-09-04 5 CVE-2020-24981
MISC
xwiki — xwiki In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users. 2020-09-10 6 CVE-2020-15171
CONFIRM
zulipchat — zulip_desktop Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. 2020-09-10 4.3 CVE-2020-24582
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
appsbd — best_support_system An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. 2020-09-04 3.5 CVE-2020-24963
MISC
MISC
cisco — jabber A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks. 2020-09-04 3.5 CVE-2020-3537
CISCO
cisco — webex_meetings A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. 2020-09-04 2.1 CVE-2020-3541
CISCO
gnu — bison An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with crafted input file containing character ‘\’ at the end and while still in a character or a string. 2020-09-04 2.1 CVE-2020-24980
MISC
MISC
gnu — bison A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash. 2020-09-04 2.1 CVE-2020-24979
MISC
MISC
ibm — business_automation_workflow IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. 2020-09-08 3.5 CVE-2020-4698
XF
CONFIRM
ibm — business_automation_workflow IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. 2020-09-08 3.5 CVE-2020-4516
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187. 2020-09-04 3.5 CVE-2020-4702
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. 2020-09-10 3.5 CVE-2020-4578
XF
CONFIRM
mcafee — endpoint_security Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. 2020-09-09 2.1 CVE-2020-7320
CONFIRM
mcafee — endpoint_security Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. 2020-09-09 2.1 CVE-2020-7322
CONFIRM
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. 2020-09-11 3.5 CVE-2020-16864
N/A
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872. 2020-09-11 3.5 CVE-2020-16878
N/A
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16878. 2020-09-11 3.5 CVE-2020-16872
N/A
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16858, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. 2020-09-11 3.5 CVE-2020-16859
N/A
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16872, CVE-2020-16878. 2020-09-11 3.5 CVE-2020-16871
N/A
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. 2020-09-11 3.5 CVE-2020-16858
N/A
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. 2020-09-11 3.5 CVE-2020-16861
N/A
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575. 2020-09-11 3.5 CVE-2020-1514
N/A
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575. 2020-09-11 3.5 CVE-2020-1227
N/A
microsoft — sharepoint_foundation A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514. 2020-09-11 3.5 CVE-2020-1575
N/A
qualcomm — apq8009_firmware ‘Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 2.1 CVE-2019-14115
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 2.1 CVE-2020-3620
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Information disclosure issue can occur due to partial secure display-touch session tear-down’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 2.1 CVE-2020-3643
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-08 2.1 CVE-2020-3644
CONFIRM
MISC
sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions – 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties to modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. 2020-09-09 3.5 CVE-2020-6312
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accel — accel
 
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an L2TP control packet with an AVP whose type is a string, with no hidden flags and length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. As a workaround, the changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions. 2020-09-09 not yet calculated CVE-2020-15173
MISC
CONFIRM
action_view_gem_for_ruby_on_rails — action_view_gem_for_ruby_on_rails
 
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View’s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. 2020-09-11 not yet calculated CVE-2020-15169
CONFIRM
add-apt-repository — add-apt-repository
 
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways. 2020-09-05 not yet calculated CVE-2020-15709
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with ‘Author’ privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9742
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with ‘Author’ privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9740
MISC
adobe — experience_manager_and_aem_forms
 
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with ‘Author’ privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9734
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9735
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing). 2020-09-10 not yet calculated CVE-2020-9743
MISC
adobe — experience_manager_and_aem_forms
 
The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with ‘Author’ privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9741
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9738
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9737
MISC
adobe — experience_manager_and_aem_forms
 
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. 2020-09-10 not yet calculated CVE-2020-9736
MISC
apache — activemq
 
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html “A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code.” Mitigation: Upgrade to Apache ActiveMQ 5.15.13 2020-09-10 not yet calculated CVE-2020-11998
MISC
apache — cocoon
 
When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. 2020-09-11 not yet calculated CVE-2020-11991
MISC
apache — netbeans
 
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user. 2020-09-09 not yet calculated CVE-2020-11986
MISC
argo — soft_mail_server
 
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) that allows remote arbitrary code execution. The affected component is the Administration dashboard. The CSRF runs when an admin/user who is logged in with admin/user credentials opens a website containing the malicious page. 2020-09-11 not yet calculated CVE-2020-23824
MISC
atftp — atftp
 
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests triggers an assert() call, resulting in denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. 2020-09-10 not yet calculated CVE-2020-6097
MISC
atop_technology — atop_technology
 
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device’s web management interface allows attackers to inject specific code and execute system commands without privilege. 2020-09-10 not yet calculated CVE-2020-24552
MISC
avast — avast_antivirus
 
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. 2020-09-10 not yet calculated CVE-2020-15024
MISC
bitcoin — bitcoin_core
 
Bitcoin Core 0.20.0 allows remote denial of service. 2020-09-10 not yet calculated CVE-2020-14198
MISC
MISC
bitcoin — bitcoin_core_and_bitcoin_knots
 
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15. 2020-09-10 not yet calculated CVE-2018-17145
MISC
MISC
CONFIRM
CONFIRM
canonical — ubuntu
 
On desktop, Ubuntu UI Toolkit’s StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. 2020-09-11 not yet calculated CVE-2014-1420
UBUNTU
UBUNTU
covidsafe — covidsafe
 
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim’s phone without authorisation, bypassing the Bluetooth address randomisation protection in the user’s phone. 2020-09-09 not yet calculated CVE-2020-14292
MISC
MISC
MISC
MISC
facebook — hermes
 
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2020-09-09 not yet calculated CVE-2020-1912
CONFIRM
CONFIRM
facebook — hermes
 
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2020-09-09 not yet calculated CVE-2020-1913
CONFIRM
CONFIRM
hp — officejet_pro ‘Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service’ in IPS PDF releases prior to IPS System 2020.2 2020-09-08 not yet calculated CVE-2020-11158
CONFIRM
huawei — multiple_smartphones
 
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab 2020-09-11 not yet calculated CVE-2020-9239
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. 2020-09-11 not yet calculated CVE-2020-25249
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. 2020-09-11 not yet calculated CVE-2020-25253
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. 2020-09-11 not yet calculated CVE-2020-25260
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. 2020-09-11 not yet calculated CVE-2020-25251
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. 2020-09-11 not yet calculated CVE-2020-25258
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner. 2020-09-11 not yet calculated CVE-2020-25259
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). 2020-09-11 not yet calculated CVE-2020-25252
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers’ installations. 2020-09-11 not yet calculated CVE-2020-25256
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. 2020-09-11 not yet calculated CVE-2020-25254
MISC
hyland — onbase
 
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. 2020-09-11 not yet calculated CVE-2020-25255
MISC
icms — icms
 
A CSRF vulnerability was found in iCMS v7.0.0 in the background function that deletes administrator accounts. A request that is missing the CSRF_TOKEN is still processed normally, and all administrators except the initial administrator will be deleted. 2020-09-10 not yet calculated CVE-2020-24739
MISC
ingenico — telium_2 Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17769
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17773
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17766
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17772
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17768
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17765
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17770
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17771
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17767
MISC
MISC
MISC
MISC
ingenico — telium_2
 
Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 2020-09-09 not yet calculated CVE-2018-17774
MISC
MISC
MISC
MISC
inspircd — inspircd_2
 
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. 2020-09-11 not yet calculated CVE-2019-20917
MISC
MISC
MISC
inspircd — inspircd_2
 
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. 2020-09-11 not yet calculated CVE-2020-25269
MISC
MISC
MISC
inspircd — inspircd_3
 
An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server. 2020-09-11 not yet calculated CVE-2019-20918
MISC
MISC
MISC
intel — amt_and_ism
 
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. 2020-09-10 not yet calculated CVE-2020-8758
CONFIRM
MISC
jbossweb — jbossweb
 
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. 2020-09-09 not yet calculated CVE-2020-14384
MISC
kentico — kentico
 
Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. 2020-09-09 not yet calculated CVE-2020-24794
MISC
lg — multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). 2020-09-11 not yet calculated CVE-2020-25282
MISC
lg — multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). 2020-09-11 not yet calculated CVE-2020-25283
MISC
lg — multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). 2020-09-11 not yet calculated CVE-2020-25281
MISC
libproxy — libproxy
 
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. 2020-09-09 not yet calculated CVE-2020-25219
MISC
MLIST
libx11 — libx11
 
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. 2020-09-11 not yet calculated CVE-2020-14363
CONFIRM
MISC
linux — linux_kernel
 
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. 2020-09-09 not yet calculated CVE-2020-25212
MISC
MISC
MISC
linux — linux_kernel
 
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. 2020-09-10 not yet calculated CVE-2020-10773
CONFIRM
MISC
linux — linux_kernel
 
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. 2020-09-09 not yet calculated CVE-2020-25211
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel’s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link; instead, it sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. 2020-09-09 not yet calculated CVE-2020-1749
CONFIRM
linux — linux_kernel
 
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature. 2020-09-10 not yet calculated CVE-2020-25220
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. 2020-09-10 not yet calculated CVE-2020-25221
MLIST
MISC
MISC
MISC
MISC
loway — queuemetrics
 
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. 2020-09-09 not yet calculated CVE-2020-13127
MISC
MISC
mcafee — endpoint_security
 
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. 2020-09-09 not yet calculated CVE-2020-7323
CONFIRM
mcafee — mcafee_agent_for_mac
 
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. 2020-09-10 not yet calculated CVE-2020-7314
CONFIRM
mcafee — mcafee_agent_for_windows
 
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. 2020-09-10 not yet calculated CVE-2020-7311
CONFIRM
mcafee — mcafee_agent_for_windows
 
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. 2020-09-10 not yet calculated CVE-2020-7315
CONFIRM
mcafee — mcafee_agent_for_windows
 
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. 2020-09-10 not yet calculated CVE-2020-7312
CONFIRM
mcafee — mvision_endpoint
 
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. 2020-09-09 not yet calculated CVE-2020-7325
CONFIRM
mcafee — mvision_endpoint
 
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. 2020-09-09 not yet calculated CVE-2020-7324
CONFIRM
microsoft — asp.net_core
 
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka ‘Microsoft ASP.NET Core Security Feature Bypass Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1045
N/A
microsoft — dynamics_365
 
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16862. 2020-09-11 not yet calculated CVE-2020-16860
N/A
microsoft — dynamics_365
 
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16860. 2020-09-11 not yet calculated CVE-2020-16862
N/A
microsoft — dynamics_365_for_finance_and_operations
 
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-16857
N/A
microsoft — edge_(chromium-based)
 
A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka ‘Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability’. 2020-09-11 not yet calculated CVE-2020-16884
N/A
microsoft — edge_(edgehtml-based)
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180. 2020-09-11 not yet calculated CVE-2020-1057
N/A
microsoft — edge_(edgehtml-based)_and_chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180. 2020-09-11 not yet calculated CVE-2020-1172
N/A
microsoft — edge_(edgehtml-based)_and_chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172. 2020-09-11 not yet calculated CVE-2020-1180
N/A
microsoft — excel
 
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1224
N/A
microsoft — exchange_server_2016_and_2019
 
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka ‘Microsoft Exchange Server Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-16875
N/A
microsoft — internet_explorer_11
 
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘WinINet API Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1012
N/A
microsoft — multiple_products An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1133. 2020-09-11 not yet calculated CVE-2020-1130
N/A
microsoft — multiple_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1130. 2020-09-11 not yet calculated CVE-2020-1133
N/A
microsoft — office
 
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ‘Microsoft Office Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-16855
N/A
microsoft — onedrive_for_windows An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852. 2020-09-11 not yet calculated CVE-2020-16853
N/A
microsoft — onedrive_for_windows
 
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853. 2020-09-11 not yet calculated CVE-2020-16851
N/A
microsoft — onedrive_for_windows
 
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853. 2020-09-11 not yet calculated CVE-2020-16852
N/A
microsoft — sharepoint_server
 
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1523. 2020-09-11 not yet calculated CVE-2020-1440
N/A
microsoft — sharepoint_server
 
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1440. 2020-09-11 not yet calculated CVE-2020-1523
N/A
microsoft — sharepoint_server
 
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1205
N/A
microsoft — sharepoint_server
 
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1460
N/A
microsoft — visual_studio
 
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16874. 2020-09-11 not yet calculated CVE-2020-16856
N/A
microsoft — visual_studio
 
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-16881
N/A
microsoft — visual_studio
 
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16856. 2020-09-11 not yet calculated CVE-2020-16874
N/A
microsoft — windows_10 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1053. 2020-09-11 not yet calculated CVE-2020-1308
N/A
microsoft — windows_10 A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka ‘ADFS Spoofing Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0837
N/A
microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0904. 2020-09-11 not yet calculated CVE-2020-0890
N/A
microsoft — windows_10 An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376. 2020-09-11 not yet calculated CVE-2020-1052
N/A
microsoft — windows_10 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1250. 2020-09-11 not yet calculated CVE-2020-0941
N/A
microsoft — windows_10 An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Windows Shell Infrastructure Component Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1098
N/A
microsoft — windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1039. 2020-09-11 not yet calculated CVE-2020-1074
N/A
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1559. 2020-09-11 not yet calculated CVE-2020-0886
N/A
microsoft — windows_10 A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Security Feature Bypass Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0805
N/A
microsoft — windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1074. 2020-09-11 not yet calculated CVE-2020-1039
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1593. 2020-09-11 not yet calculated CVE-2020-1508
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1590
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854. 2020-09-11 not yet calculated CVE-2020-1589
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1598
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1508. 2020-09-11 not yet calculated CVE-2020-1593
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592. 2020-09-11 not yet calculated CVE-2020-16854
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘Windows Start-Up Application Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1506
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1507
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka ‘Windows CloudExperienceHost Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1471
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1491
N/A
microsoft — windows_10
 
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0890. 2020-09-11 not yet calculated CVE-2020-0904
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ‘TLS Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1596
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Information Disclosure Vulnerability’. 2020-09-11 not yet calculated N/A
microsoft — windows_10
 
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka ‘Windows Text Service Module Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0908
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854. 2020-09-11 not yet calculated CVE-2020-1592
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1034
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1169. 2020-09-11 not yet calculated CVE-2020-1303
N/A
microsoft — windows_10
 
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka ‘Windows Defender Application Control Security Feature Bypass Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0951
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159. 2020-09-11 not yet calculated CVE-2020-1376
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka ‘Windows Modules Installer Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0911
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0914
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0922
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. 2020-09-11 not yet calculated CVE-2020-0928
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0997
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0998
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka ‘Group Policy Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1013
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1030
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka ‘Windows DHCP Server Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1031
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0912
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0886. 2020-09-11 not yet calculated CVE-2020-1559
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows InstallService Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1532
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows RSoP Service Application Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0648
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376. 2020-09-11 not yet calculated CVE-2020-1159
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1083. 2020-09-11 not yet calculated CVE-2020-0921
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1308. 2020-09-11 not yet calculated CVE-2020-1053
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0875
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. 2020-09-11 not yet calculated CVE-2020-1033
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1285
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1319. 2020-09-11 not yet calculated CVE-2020-1129
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1129. 2020-09-11 not yet calculated CVE-2020-1319
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka ‘Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0989
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka ‘NTFS Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0838
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1146. 2020-09-11 not yet calculated CVE-2020-0766
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka ‘Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0782
N/A
microsoft — windows_10
 
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0790
N/A
microsoft — windows_10
 
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1228. 2020-09-11 not yet calculated CVE-2020-0836
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0839
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Shell infrastructure component Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0870
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1256
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1252
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0941. 2020-09-11 not yet calculated CVE-2020-1250
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1122
N/A
microsoft — windows_10
 
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0836. 2020-09-11 not yet calculated CVE-2020-1228
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1303. 2020-09-11 not yet calculated CVE-2020-1169
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka ‘Windows Win32k Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1152
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0766. 2020-09-11 not yet calculated CVE-2020-1146
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka ‘Windows Information Disclosure Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1119
N/A
microsoft — windows_10
 
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka ‘Windows Routing Utilities Denial of Service’. 2020-09-11 not yet calculated CVE-2020-1038
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1115
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1091. 2020-09-11 not yet calculated CVE-2020-1097
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1097. 2020-09-11 not yet calculated CVE-2020-1091
N/A
microsoft — windows_10
 
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0921. 2020-09-11 not yet calculated CVE-2020-1083
N/A
microsoft — windows_10
 
A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka ‘SQL Server Reporting Services Security Feature Bypass Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1044
N/A
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. 2020-09-11 not yet calculated CVE-2020-0878
N/A
microsoft — windows_10
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. 2020-09-11 not yet calculated CVE-2020-1245
N/A
microsoft — windows_server

 

A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0761. 2020-09-11 not yet calculated CVE-2020-0718
N/A
microsoft — windows_server

 

A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0718. 2020-09-11 not yet calculated CVE-2020-0761
N/A
microsoft — windows_server

 

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0664. 2020-09-11 not yet calculated CVE-2020-0856
N/A
microsoft — windows_server
 
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0856. 2020-09-11 not yet calculated CVE-2020-0664
N/A
microsoft — word
 
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1218. 2020-09-11 not yet calculated CVE-2020-1338
N/A
microsoft — word
 
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1338. 2020-09-11 not yet calculated CVE-2020-1218
N/A
microsoft — xamarin.forms
 
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView versions prior to 83.0.4103.106, aka ‘Xamarin.Forms Spoofing Vulnerability’. 2020-09-11 not yet calculated CVE-2020-16873
N/A
multiple_vendors — multiple_bluetooth_devices
 
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. 2020-09-11 not yet calculated CVE-2020-15802
MISC
MISC
nagios_xi — nagios_xi
 
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root, where some included files were editable by the nagios user. This issue was fixed in version 5.7.3. 2020-09-09 not yet calculated CVE-2020-15903
CONFIRM
nec — expresscluster
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801. 2020-09-10 not yet calculated CVE-2020-17408
MISC
MISC
netapp — gnutls
 
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application’s error handling path, where the gnutls_deinit function is called after detecting a handshake failure. 2020-09-04 not yet calculated CVE-2020-24659
MISC
FEDORA
GENTOO
CONFIRM
MISC
netapp — openssl
 
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). 2020-09-09 not yet calculated CVE-2020-1968
CONFIRM
CONFIRM
node-fetch — node-fetch
 
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: if you don’t double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing. 2020-09-10 not yet calculated CVE-2020-15168
CONFIRM
MISC
online_bike_rental — online_bike_rental
 
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution. 2020-09-09 not yet calculated CVE-2020-24195
MISC
MISC
palo_alto_networks — pan-os
 
An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. 2020-09-09 not yet calculated CVE-2020-2039
MISC
palo_alto_networks — pan-os
 
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. 2020-09-09 not yet calculated CVE-2020-2042
MISC
palo_alto_networks — pan-os
 
An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4. 2020-09-09 not yet calculated CVE-2020-2043
MISC
palo_alto_networks — pan-os
 
An information exposure through log file vulnerability where an administrator’s password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. 2020-09-09 not yet calculated CVE-2020-2044
MISC
palo_alto_networks — pan-os
 
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. 2020-09-09 not yet calculated CVE-2020-2037
MISC
palo_alto_networks — pan-os
 
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1. 2020-09-09 not yet calculated CVE-2020-2038
MISC
palo_alto_networks — pan-os
 
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. 2020-09-09 not yet calculated CVE-2020-2036
MISC
palo_alto_networks — pan-os
 
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. 2020-09-09 not yet calculated CVE-2020-2040
MISC
palo_alto_networks — pan-os
 
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16. 2020-09-09 not yet calculated CVE-2020-2041
MISC
perl — perl
 
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. 2020-09-11 not yet calculated CVE-2013-7490
MISC
MISC
MISC
perl — perl
 
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. 2020-09-11 not yet calculated CVE-2013-7491
MISC
MISC
MISC
perl — perl
 
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. 2020-09-11 not yet calculated CVE-2014-10401
MISC
MISC
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. 2020-09-11 not yet calculated CVE-2020-16218
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. 2020-09-11 not yet calculated CVE-2020-16228
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. 2020-09-11 not yet calculated CVE-2020-16216
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. 2020-09-11 not yet calculated CVE-2020-16220
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. 2020-09-11 not yet calculated CVE-2020-16224
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. 2020-09-11 not yet calculated CVE-2020-16214
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. 2020-09-11 not yet calculated CVE-2020-16222
MISC
philips — multiple_products
 
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. 2020-09-11 not yet calculated CVE-2020-16212
MISC
php — php
 
In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. 2020-09-09 not yet calculated CVE-2020-7068
CONFIRM
GENTOO
primekey — ejbca
 
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) 2020-09-11 not yet calculated CVE-2020-25276
MISC
python — python
 
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. 2020-09-04 not yet calculated CVE-2019-20916
MISC
MISC
MISC
MLIST
python — the_update_framework
 
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack), culminating in a version which has not been correctly signed, to control the trust chain for future updates. This is fixed in version 0.12 and newer. 2020-09-09 not yet calculated CVE-2020-15163
CONFIRM
MISC
MISC
CONFIRM
MISC
qnap — helpdesk
 
This vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. 2020-09-11 not yet calculated CVE-2018-19948
MISC
qnap — helpdesk
 
This vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. 2020-09-11 not yet calculated CVE-2018-19947
MISC
qnap — helpdesk
 
This vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. 2020-09-11 not yet calculated CVE-2018-19946
MISC
qualcomm — multiple_snapdragon_products
 
During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-09 not yet calculated CVE-2020-3679
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2020-3636
CONFIRM
qualcomm — multiple_snapdragon_products
 
Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2020-3640
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer overflow seen as the destination buffer size is smaller than the source buffer size in video application in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2020-3646
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible out of bound write in DSP driver code due to lack of check of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W 2020-09-08 not yet calculated CVE-2020-3648
CONFIRM
qualcomm — multiple_snapdragon_products
 
Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 2020-09-09 not yet calculated CVE-2020-3674
CONFIRM
qualcomm — multiple_snapdragon_products
 
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 2020-09-08 not yet calculated CVE-2020-3702
CONFIRM
qualcomm — multiple_snapdragon_products
 
XBL SEC clearing only the ZI region when loading Qualcomm-signed segments can lead to an improper access issue in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130 2020-09-08 not yet calculated CVE-2020-3611
CONFIRM
qualcomm — multiple_snapdragon_products
 
Multiple read overflow issues due to improper length check while decoding Generic NAS transport/EMM info in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 2020-09-09 not yet calculated CVE-2020-3634
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-09 not yet calculated CVE-2020-3656
CONFIRM
qualcomm — multiple_snapdragon_products
 
Calling thread may free the data buffer pointer that was passed to the callback, and later, when the event loop executes the callback, the data buffer may not be valid, which will lead to a use after free scenario in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2020-11120
CONFIRM
qualcomm — multiple_snapdragon_products
 
When a new session is created, an object is returned that contains TZ addresses and it gets passed to HLOS as a handle to refer to a particular session and can cause TZ to jump to an invalid address in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2019-14025
CONFIRM
qualcomm — multiple_snapdragon_products
 
Reachable assertion when wrong data size is returned by parser for ape clips in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-09-09 not yet calculated CVE-2020-11135
CONFIRM
qualcomm — multiple_snapdragon_products
 
In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 2020-09-08 not yet calculated CVE-2020-11117
CONFIRM
qualcomm — multiple_snapdragon_products
 
Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2020-11122
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130 2020-09-09 not yet calculated CVE-2020-3617
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-09 not yet calculated CVE-2020-11124
CONFIRM
qualcomm — multiple_snapdragon_products
 
During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130 2020-09-09 not yet calculated CVE-2020-11129
CONFIRM
qualcomm — multiple_snapdragon_products
 
Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-09-08 not yet calculated CVE-2020-3629
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible out of bound array write in rxdco cal utility due to lack of array bound check in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130 2020-09-08 not yet calculated CVE-2020-11133
CONFIRM
red_hat — ansible
 
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. 2020-09-11 not yet calculated CVE-2020-14330
CONFIRM
MISC
red_hat — ansible
 
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. 2020-09-11 not yet calculated CVE-2020-14332
CONFIRM
MISC
samba — samba
 
It was found that cifs-utils’ mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. 2020-09-09 not yet calculated CVE-2020-14342
CONFIRM
MISC
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020). 2020-09-11 not yet calculated CVE-2020-25278
MISC
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). 2020-09-11 not yet calculated CVE-2020-25280
MISC
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). 2020-09-11 not yet calculated CVE-2020-25279
MISC
sap — netweaver SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI that, when clicked by a victim, execute arbitrary JavaScript, thus extracting or modifying otherwise restricted information, leading to Stored Cross Site Scripting. 2020-09-09 not yet calculated CVE-2020-6326
MISC
MISC
sap — netweaver
 
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). An attacker can exploit these products via Code Injection, potentially taking complete control of the products, including viewing, changing, or deleting data, by injecting code into the working memory, which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate. 2020-09-09 not yet calculated CVE-2020-6318
MISC
MISC
sap — servlet
 
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application. 2020-09-09 not yet calculated CVE-2020-6320
MISC
MISC
siemens — license_management_utility
 
A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges. 2020-09-09 not yet calculated CVE-2020-10056
MISC
siemens — multiple_simatic_hmi_versions
 
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= 14 and V < XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. 2020-09-09 not yet calculated CVE-2020-15786
MISC
siemens — multiple_simatic_versions A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. 2020-09-09 not yet calculated CVE-2020-15791
MISC
siemens — polarion_subversion_webclient
 
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. 2020-09-09 not yet calculated CVE-2020-15789
MISC
siemens — polarion_subversion_webclient
 
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code. 2020-09-09 not yet calculated CVE-2020-15788
MISC
siemens — simatic_hmi_united_comfort_panels
 
A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. 2020-09-09 not yet calculated CVE-2020-15787
MISC
siemens — simatic_rtls_locating_manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service. 2020-09-09 not yet calculated CVE-2020-10051
MISC
siemens — simatic_rtls_locating_manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts. 2020-09-09 not yet calculated CVE-2020-10050
MISC
siemens — simatic_rtls_locating_manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. 2020-09-09 not yet calculated CVE-2020-10049
MISC
siemens — siveillance_video_client
 
A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled, the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid administrator login names and use this information to launch further attacks. 2020-09-09 not yet calculated CVE-2020-15785
MISC
siemens — spectrum_power_4 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. 2020-09-09 not yet calculated CVE-2020-15790
MISC
siemens — spectrum_power_4
 
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. 2020-09-09 not yet calculated CVE-2020-15784
MISC
silk-v3-decoder — silk-v3-decoder
 
The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. 2020-09-09 not yet calculated CVE-2020-24074
MISC
MISC
sourcecodester — daily_tracker_system
 
A Cross-site scripting (XSS) vulnerability in ‘user-profile.php’ in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the ‘fullname’ parameter. 2020-09-09 not yet calculated CVE-2020-24194
MISC
MISC
stock_management_system — stock_management_system
 
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. 2020-09-09 not yet calculated CVE-2020-24197
MISC
MISC
stock_management_system — stock_management_system
 
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the ‘Brand Name.’ 2020-09-09 not yet calculated CVE-2020-24198
MISC
MISC
taoensso — nippy
 
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. 2020-09-11 not yet calculated CVE-2020-24164
MISC
tenda — ac18_routers
 
Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to “radius”. 2020-09-04 not yet calculated CVE-2020-24987
MISC
MISC
twilio — twilio
 
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement). 2020-09-10 not yet calculated CVE-2020-24655
CONFIRM
wordpress — wordpress
 
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. 2020-09-10 not yet calculated CVE-2020-5780
MISC
wordpress — wordpress
 
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. 2020-09-09 not yet calculated CVE-2020-25213
MISC
MISC
MISC
MISC
MISC
MISC
MISC
xiaomi — ai_speaker_rom
 
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifies malicious firmware during the OTA process. 2020-09-11 not yet calculated CVE-2020-14096
MISC
xiaomi — r3600_rom
 
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. 2020-09-11 not yet calculated CVE-2020-14100
MISC
yaws — yaws
 
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. 2020-09-09 not yet calculated CVE-2020-24916
MISC
MISC
MISC
MISC
yaws — yaws
 
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. 2020-09-09 not yet calculated CVE-2020-24379
MISC
MISC
MISC
MISC
yodobashi — yodobashi_app
 
Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2020-09-09 not yet calculated CVE-2020-5627
MISC
zeromq — zeromq
 
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. 2020-09-11 not yet calculated CVE-2020-15166
MISC
MISC
CONFIRM
GENTOO


Original release date: September 7, 2020

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arr-flatten-unflatten_project — arr-flatten-unflatten All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. 2020-09-01 7.5 CVE-2020-7713
CONFIRM
canonical — checkinstall checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. 2020-08-31 7.2 CVE-2020-25031
MISC
cisco — ios_xr A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. 2020-08-29 7.8 CVE-2020-3566
CISCO
deep-get-set_project — deep-get-set All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. 2020-09-01 7.5 CVE-2020-7715
MISC
digitalbazzar — forge The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. 2020-09-01 7.5 CVE-2020-7720
CONFIRM
MISC
MISC
dot-notes_project — dot-notes All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. 2020-09-01 7.5 CVE-2020-7717
MISC
gammautils_project — gammautils All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. 2020-09-01 7.5 CVE-2020-7718
MISC
gedi_project — gedi All versions of package gedi are vulnerable to Prototype Pollution via the set function. 2020-09-01 7.5 CVE-2020-7727
MISC
google — android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020). 2020-08-31 7.5 CVE-2020-25055
MISC
google — android An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). 2020-08-31 7.5 CVE-2020-25049
MISC
google — android An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). 2020-08-31 7.5 CVE-2020-25052
MISC
google — android An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). 2020-08-31 7.5 CVE-2020-25053
MISC
google — android An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). 2020-08-31 7.5 CVE-2020-25062
MISC
google — android An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020). 2020-08-31 7.5 CVE-2020-25057
MISC
google — android An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). 2020-08-31 7.5 CVE-2020-25061
MISC
google — android An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). 2020-08-31 7.8 CVE-2020-25065
MISC
google — android An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020). 2020-08-31 7.5 CVE-2020-25058
MISC
guidesmiths — worksmith All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. 2020-09-01 7.5 CVE-2020-7725
MISC
heybbs_project — heybbs Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. 2020-09-03 7.5 CVE-2020-25005
MISC
MISC
heybbs_project — heybbs Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code. 2020-09-03 7.5 CVE-2020-25006
MISC
MISC
heybbs_project — heybbs Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. 2020-09-03 7.5 CVE-2020-25004
MISC
MISC
invertase — deeps All versions of package deeps are vulnerable to Prototype Pollution via the set function. 2020-09-01 7.5 CVE-2020-7716
MISC
locutus_project — locutus Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. 2020-09-01 7.5 CVE-2020-7719
CONFIRM
MISC
mpxj — mpxj MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. 2020-08-29 7.5 CVE-2020-25020
MISC
node-oojs_project — node-oojs All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. 2020-09-01 7.5 CVE-2020-7721
MISC
nodee-utils_project — nodee-utils All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. 2020-09-01 7.5 CVE-2020-7722
MISC
os4ed — opensis An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6141
MISC
os4ed — opensis SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6138
MISC
os4ed — opensis SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6137
MISC
os4ed — opensis A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6144
MISC
os4ed — opensis A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6143
MISC
os4ed — opensis A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6142
MISC
os4ed — opensis SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6140
MISC
os4ed — opensis SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 2020-09-01 7.5 CVE-2020-6139
MISC
qemu — qemu An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice ‘setup_len’ exceeds its ‘data_buf[4096]’ in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. 2020-08-31 7.2 CVE-2020-14364
MISC
MISC
MISC
realseriousgames — confucious All versions of package confucious are vulnerable to Prototype Pollution via the set function. 2020-09-01 7.5 CVE-2020-7714
MISC
redlion — n-tron_702-w_firmware The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). 2020-09-01 10 CVE-2020-16204
MISC
FULLDISC
MISC
riken — xoonips SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2020-08-28 7.5 CVE-2020-5624
MISC
MISC
MISC
rpm — librepo A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. 2020-08-30 8.5 CVE-2020-14352
MISC
MISC
safe-object2_project — safe-object2 All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. 2020-09-01 7.5 CVE-2020-7726
MISC
schneider-electric — apc_easy_ups_online_software Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in SFAPV9601 – APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. 2020-08-31 7.5 CVE-2020-7521
MISC
schneider-electric — apc_easy_ups_online_software Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in SFAPV9601 – APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. 2020-08-31 7.5 CVE-2020-7522
MISC
tiny-conf_project — tiny-conf All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. 2020-09-01 7.5 CVE-2020-7724
MISC
usvn — usvn USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. 2020-09-01 7.5 CVE-2020-25069
MISC
yola — promisehelpers All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. 2020-09-01 7.5 CVE-2020-7723
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apc — powerchute Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. 2020-08-31 6.5 CVE-2020-7526
MISC
appsaloon — wp-gdpr controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. 2020-08-31 4.3 CVE-2020-20628
MISC
basercms — basercms baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. 2020-08-28 4.6 CVE-2020-15159
MISC
MISC
CONFIRM
bitdefender — endpoint_security An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product’s security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. 2020-08-30 4.6 CVE-2020-8097
MISC
blubrry — subscribe_sidebar The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. 2020-08-31 4.3 CVE-2020-25033
MISC
MISC
bufferlist_project — bufferlist A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1. If attacker-supplied user input (even typed) ends up in the consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. 2020-08-30 5.5 CVE-2020-8244
MISC
chamber_dashboard_business_directory_project — chamber_dashboard_business_directory The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. 2020-08-31 4.3 CVE-2020-24699
MISC
MISC
chameleon_mini_live_debugger_project — chameleon_mini_live_debugger Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered with by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. 2020-08-28 6.4 CVE-2020-15165
CONFIRM
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. 2020-09-03 4.3 CVE-2020-25087
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. 2020-09-03 4.3 CVE-2020-25090
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. 2020-09-03 4.3 CVE-2020-25089
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. 2020-09-03 4.3 CVE-2020-25092
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. 2020-09-03 4.3 CVE-2020-25091
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. 2020-09-03 4.3 CVE-2020-25086
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. 2020-09-03 4.3 CVE-2020-25093
MISC
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. 2020-09-03 4.3 CVE-2020-25088
MISC
flask-cors_project — flask-cors An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. 2020-08-31 5 CVE-2020-25032
MISC
forgerock — identity_manager Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6. 2020-08-31 4.3 CVE-2020-17465
MISC
MISC
get-simple — getsimple_cms A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client’s browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. 2020-09-01 4.3 CVE-2020-23839
MISC
gigadevice — gd32f103_firmware The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. 2020-08-31 4.6 CVE-2020-13465
MISC
gigadevice — gd32f130_firmware Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). 2020-08-31 4.6 CVE-2020-13468
MISC
golang — go Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. 2020-09-02 4.3 CVE-2020-24553
MISC
FULLDISC
MISC
google — android An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020). 2020-08-31 5 CVE-2020-25056
MISC
google — android An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). 2020-08-31 5 CVE-2020-25051
MISC
google — android An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). 2020-08-31 5 CVE-2020-25050
MISC
google — android An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020). 2020-08-31 5 CVE-2020-25063
MISC
google — android An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020). 2020-08-31 5 CVE-2020-25059
MISC
google — android An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020). 2020-08-31 5 CVE-2020-25064
MISC
google — android An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020). 2020-08-31 4.6 CVE-2020-25060
MISC
grafana — grafana Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. 2020-08-28 4 CVE-2019-19499
MISC
hoosk — hoosk Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces an authenticated admin user to visit a malicious web page, any accounts can be deleted without the admin user’s intention. 2020-08-28 4.3 CVE-2020-16610
MISC
CONFIRM
ibm — infosphere_guardium IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. 2020-09-01 6.5 CVE-2012-3336
CONFIRM
XF
ibm — infosphere_guardium IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291. 2020-09-01 4 CVE-2012-3340
CONFIRM
XF
ibm — infosphere_guardium IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. 2020-09-01 5 CVE-2012-3337
CONFIRM
XF
ibm — infosphere_guardium IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286. 2020-09-01 5 CVE-2012-3338
CONFIRM
XF
ibm — resilient_security_orchestration_automation_and_response IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589. 2020-08-28 4 CVE-2019-4533
XF
CONFIRM
ibm — resilient_security_orchestration_automation_and_response IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. 2020-08-28 4 CVE-2019-4579
XF
CONFIRM
ibm — spectrum_protect IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. 2020-08-28 5 CVE-2020-4559
XF
CONFIRM
jenkins — database A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. 2020-09-01 6.8 CVE-2020-2241
MLIST
CONFIRM
jenkins — database A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. 2020-09-01 6.8 CVE-2020-2240
MLIST
CONFIRM
jenkins — database A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. 2020-09-01 4 CVE-2020-2242
MLIST
CONFIRM
jenkins — jenkins Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. 2020-09-01 4 CVE-2020-2251
MLIST
CONFIRM
jenkins — jsgames Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. 2020-09-01 4.3 CVE-2020-2248
MLIST
CONFIRM
jenkins — klocwork_analysis Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-09-01 4 CVE-2020-2247
MLIST
CONFIRM
jenkins — parameterized_remote_trigger Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. 2020-09-01 4 CVE-2020-2239
MLIST
CONFIRM
jenkins — soapui_pro_functional_testing Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. 2020-09-01 4 CVE-2020-2250
MLIST
CONFIRM
jenkins — valgrind Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-09-01 5.5 CVE-2020-2245
MLIST
CONFIRM
jitsi — meet_electron jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. 2020-08-29 4.3 CVE-2020-25019
MISC
MISC
MISC
json_project — json This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. 2020-08-30 6.5 CVE-2020-7712
MISC
MISC
MISC
MISC
MISC
kleopatra_project — kleopatra The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. 2020-08-29 6.5 CVE-2020-24972
MISC
MISC
GENTOO
mara_cms_project — mara_cms Mara CMS 7.5 allows contact.php?theme= XSS. 2020-08-30 4.3 CVE-2020-24223
MISC
MISC
MISC
netgear — gs716tv2_firmware Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. 2020-08-28 4.3 CVE-2020-5621
JVN
MISC
MISC
MISC
nitori — nitori NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2020-08-28 5.8 CVE-2020-5623
MISC
o-dyn — collabtive An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. 2020-08-31 4.3 CVE-2020-13655
MISC
MISC
online_book_store_project — online_book_store In projectworlds Online Book Store 1.0, use of hard-coded credentials in source code leads to admin panel access. 2020-08-31 5 CVE-2020-24115
MISC
os4ed — opensis An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6136
MISC
os4ed — opensis SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 2020-09-01 6.5 CVE-2020-6130
MISC
os4ed — opensis An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6125
MISC
os4ed — opensis SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6128
MISC
os4ed — opensis SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6132
MISC
os4ed — opensis SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6133
MISC
os4ed — opensis SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6134
MISC
os4ed — opensis An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6135
MISC
os4ed — opensis SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 2020-09-01 6.5 CVE-2020-6126
MISC
os4ed — opensis SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 2020-09-01 6.5 CVE-2020-6129
MISC
os4ed — opensis SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 2020-09-01 6.5 CVE-2020-6131
MISC
os4ed — opensis An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6124
MISC
os4ed — opensis SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6127
MISC
os4ed — opensis SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6118
MISC
os4ed — opensis SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6119
MISC
os4ed — opensis SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6120
MISC
os4ed — opensis SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6121
MISC
os4ed — opensis SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6122
MISC
os4ed — opensis SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6117
MISC
os4ed — opensis An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-09-01 6.5 CVE-2020-6123
MISC
osticket — osticket osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. 2020-08-30 4.3 CVE-2020-24917
MISC
MISC
MISC
pix-link — lv-wr07_firmware XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. 2020-08-30 4.3 CVE-2020-24104
MISC
premid — premid managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. 2020-08-29 5 CVE-2020-24928
MISC
rgb-rust_project — rgb-rust A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. 2020-08-29 6.4 CVE-2020-25016
MISC
MISC
riken — xoonips Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2020-08-28 4.3 CVE-2020-5625
MISC
MISC
MISC
schneider-electric — somove Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. 2020-08-31 4.6 CVE-2020-7527
MISC
schneider-electric — spacelynk_firmware Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. 2020-08-31 5 CVE-2020-7525
MISC
schneider_electric — modbus_driver_suite Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. 2020-08-31 4.4 CVE-2020-7523
MISC
scratch-wiki — scratch_login In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code. 2020-08-28 6.4 CVE-2020-15164
MISC
CONFIRM
shadan-kun — server_security_type Shadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly detected attack source IP addresses as blocking targets for about 10 minutes via a specially crafted request. 2020-09-02 5 CVE-2020-5622
MISC
MISC
sick — lms111_firmware Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. 2020-08-31 5 CVE-2020-2075
MISC
slicedinvoices — sliced_invoices Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. 2020-08-31 5 CVE-2020-20625
MISC
spinnaker — orca The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. 2020-08-28 5 CVE-2020-9298
MISC
stiltsoft — table_filter_and_charts_for_confluence_server The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the “Table from CSV” macro (URL parameter). 2020-08-29 4 CVE-2020-24898
MISC
stock_management_system_project — stock_management_system A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. 2020-09-01 4.3 CVE-2020-23831
MISC
MISC
tailor_management_system_project — tailor_management_system A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing. 2020-09-01 4.3 CVE-2020-23835
MISC
u-root — u-root This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. 2020-09-01 5 CVE-2020-7666
CONFIRM
CONFIRM
u-root — u-root This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. 2020-09-01 5 CVE-2020-7665
MISC
MISC
usvn — usvn USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. 2020-09-01 6.8 CVE-2020-25070
MISC
xuxueli — xxl-job Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file. 2020-09-03 4.3 CVE-2020-23814
MISC
MISC
zyxel — vmg5313-b30b_firmware Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. 2020-08-31 6.5 CVE-2020-24354
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
basercms — basercms baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. 2020-08-28 2.1 CVE-2020-15154
MISC
CONFIRM
basercms — basercms baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. 2020-08-28 2.1 CVE-2020-15155
MISC
MISC
CONFIRM
elementor — page_builder An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. 2020-08-31 3.5 CVE-2020-15020
MISC
MISC
gigadevice — gd32f103_firmware The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. 2020-08-31 2.1 CVE-2020-13472
MISC
gigadevice — gd32f103_firmware Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. 2020-08-31 2.1 CVE-2020-13470
MISC
gigadevice — gd32vf103_firmware The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. 2020-08-31 2.1 CVE-2020-13469
MISC
google — android An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020). 2020-08-31 2.1 CVE-2020-25048
MISC
google — android An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020). 2020-08-31 2.1 CVE-2020-25047
MISC
google — android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020). 2020-08-31 2.1 CVE-2020-25046
MISC
ibm — infosphere_guardium IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 78294. 2020-09-01 3.5 CVE-2012-3341
CONFIRM
XF
ibm — spectrum_protect_server IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. 2020-08-28 1.9 CVE-2020-4591
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992. 2020-08-31 2.1 CVE-2020-4492
XF
CONFIRM
jenkins — build_failure_analyzer Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. 2020-09-01 3.5 CVE-2020-2244
MLIST
CONFIRM
jenkins — cadence_vmanager Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. 2020-09-01 3.5 CVE-2020-2243
MLIST
CONFIRM
jenkins — git_parameter Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the ‘Build with Parameters’ page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-01 3.5 CVE-2020-2238
MLIST
CONFIRM
jenkins — team_foundation_server Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. 2020-09-01 2.1 CVE-2020-2249
MLIST
CONFIRM
jenkins — valgrind Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. 2020-09-01 3.5 CVE-2020-2246
MLIST
CONFIRM
redlion — n-tron_702-w_firmware The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions). 2020-09-01 3.5 CVE-2020-16206
MISC
FULLDISC
MISC
redlion — n-tron_702-w_firmware The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions). 2020-09-01 3.5 CVE-2020-16210
MISC
FULLDISC
MISC
stiltsoft — table_filter_and_charts_for_confluence_server The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the “Table from CSV” macro. 2020-08-29 3.5 CVE-2020-24897
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. 2020-09-03 3.5 CVE-2020-25117
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. 2020-09-03 3.5 CVE-2020-25118
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. 2020-09-03 3.5 CVE-2020-25115
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. 2020-09-03 3.5 CVE-2020-25124
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. 2020-09-03 3.5 CVE-2020-25123
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. 2020-09-03 3.5 CVE-2020-25122
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. 2020-09-03 3.5 CVE-2020-25116
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. 2020-09-03 3.5 CVE-2020-25120
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. 2020-09-03 3.5 CVE-2020-25119
MISC
vbulletin — vbulletin The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. 2020-09-03 3.5 CVE-2020-25121
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accusoft — imagegear
 
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2020-09-01 not yet calculated CVE-2020-6151
MISC
accusoft — imagegear
 
A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file. 2020-09-01 not yet calculated CVE-2020-6152
MISC
add-apt-repository — add-apt-repository
 
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways. 2020-09-05 not yet calculated CVE-2020-15709
MISC
apache — cassandra
 
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. 2020-09-01 not yet calculated CVE-2020-13946
MLIST
MLIST
MISC
apex_microelectronics — apm32f103_devices
 
Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. 2020-08-31 not yet calculated CVE-2020-13471
MISC
apex_microelectronics — apm32f103_devices
 
The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. 2020-08-31 not yet calculated CVE-2020-13463
MISC
aruba — clearpass A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. 2020-09-04 not yet calculated CVE-2020-7119
MISC
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. 2020-09-01 not yet calculated CVE-2020-14178
MISC
beijing_qihoo_technology — 360_speed_browser 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. 2020-09-03 not yet calculated CVE-2020-24158
MISC
best_support_system — best_support_system
 
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. 2020-09-04 not yet calculated CVE-2020-24963
MISC
MISC
bestzip — bestzip
 
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. 2020-09-04 not yet calculated CVE-2020-7730
MISC
MISC
bundler — bundler
 
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user’s home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. 2020-09-04 not yet calculated CVE-2019-3881
MISC
canonical — ubuntu
 
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. 2020-09-01 not yet calculated CVE-2020-15704
UBUNTU
UBUNTU
china_key_systems_&_integrated_circuit — cks32f103_devices The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. 2020-08-31 not yet calculated CVE-2020-13464
MISC
china_key_systems_&_integrated_circuit — cks32f103_devices
 
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. 2020-08-31 not yet calculated CVE-2020-13467
MISC
cisco — asyncos_and_email_security_appliance
 
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability. 2020-09-04 not yet calculated CVE-2020-3546
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system. 2020-09-04 not yet calculated CVE-2020-3478
CISCO
cisco — enterprise_nfv_infrastructure_software
 
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. 2020-09-04 not yet calculated CVE-2020-3365
CISCO
cisco — fxos_software
 
A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. 2020-09-04 not yet calculated CVE-2020-3545
CISCO
cisco — ios_xr_software
 
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks. 2020-09-04 not yet calculated CVE-2020-3473
CISCO
cisco — ios_xr_software
 
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges. 2020-09-04 not yet calculated CVE-2020-3530
CISCO
cisco — jabber
 
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks. 2020-09-04 not yet calculated CVE-2020-3498
CISCO

cisco — jabber_for_windows

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks. 2020-09-04 not yet calculated CVE-2020-3537
CISCO
cisco — jabber_for_windows
 
A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution. 2020-09-04 not yet calculated CVE-2020-3495
CISCO
cisco — jabber_for_windows
 
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. 2020-09-04 not yet calculated CVE-2020-3430
CISCO

cisco — multiple_products

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. 2020-09-04 not yet calculated CVE-2020-3541
CISCO
cisco — multiple_products
 
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface. 2020-09-04 not yet calculated CVE-2020-3547
CISCO
cisco — small_business_rv340_series_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. 2020-09-04 not yet calculated CVE-2020-3451
CISCO
cisco — small_business_rv340_series_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. 2020-09-04 not yet calculated CVE-2020-3453
CISCO
cisco — webex_training
 
A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting. 2020-09-04 not yet calculated CVE-2020-3542
CISCO
cloud_foundry — capi
 
Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the “cloud_controller.read” scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). 2020-09-03 not yet calculated CVE-2020-5418
CONFIRM
cloud_foundry — routing
 
Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with “cf push” access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters. 2020-09-03 not yet calculated CVE-2020-5420
CONFIRM
concrete5 — concrete5
 
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. 2020-09-04 not yet calculated CVE-2020-24986
MISC
d-link — dcs-2530l_and_dcs-2670l_devices
 
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. 2020-09-02 not yet calculated CVE-2020-25079
MISC
MISC
d-link — dcs-2530l_and_dcs-2670l_devices
 
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. 2020-09-02 not yet calculated CVE-2020-25078
MISC
MISC
dell — emc_ecs
 
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. 2020-09-02 not yet calculated CVE-2020-5386
MISC
dell — emc_isilon_onefs
 
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files. 2020-09-02 not yet calculated CVE-2020-5369
MISC
dell — g7_17_7790_bios
 
Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). 2020-09-02 not yet calculated CVE-2020-5378
MISC
dell — inspiron_7347_bios
 
Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). 2020-09-02 not yet calculated CVE-2020-5376
MISC
dell — inspiron_7352_bios
 
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). 2020-09-02 not yet calculated CVE-2020-5379
MISC
django — django An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. 2020-09-01 not yet calculated CVE-2020-24583
MISC
MISC
MISC
UBUNTU
MISC
MISC
django — django An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system’s standard umask rather than 0o077. 2020-09-01 not yet calculated CVE-2020-24584
MISC
MISC
MISC
UBUNTU
MISC
MISC
dolibarr — dolibarr Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism). 2020-09-02 not yet calculated CVE-2020-14209
CONFIRM
MISC
dolibarr — dolibarr
 
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. 2020-08-31 not yet calculated CVE-2020-13828
MISC
duffel — paginator
 
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5. 2020-09-01 not yet calculated CVE-2020-15150
CONFIRM
CONFIRM
CONFIRM
CONFIRM
enghouse — web_chat
 
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951. 2020-09-03 not yet calculated CVE-2020-13972
MISC
eramba — eramba_and_eramba_enterprise eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. 2020-09-03 not yet calculated CVE-2020-25104
MISC
MISC
eramba — eramba_and_eramba_enterprise eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities). 2020-09-03 not yet calculated CVE-2020-25105
MISC
MISC
erlang — rebar3
 
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. 2020-09-02 not yet calculated CVE-2020-13802
MISC
MISC
MISC
espressif — esp32_devices The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. 2020-08-31 not yet calculated CVE-2020-13594
MISC
MISC
MISC
espressif — esp32_devices
 
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target’s BLE stack) by sending a crafted sequence of BLE packets. 2020-08-31 not yet calculated CVE-2020-13595
MISC
MISC
MISC
facebook — hermes
 
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2020-09-04 not yet calculated CVE-2020-1911
CONFIRM
CONFIRM
forlogic — qualiex ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. 2020-09-02 not yet calculated CVE-2020-24028
MISC
MISC
MISC
forlogic — qualiex Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. 2020-09-02 not yet calculated CVE-2020-24029
MISC
MISC
forlogic — qualiex ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. 2020-09-02 not yet calculated CVE-2020-24030
MISC
MISC
foxit — reader_and_phantompdf
 
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. 2020-09-04 not yet calculated CVE-2020-12247
MISC
foxit — reader_and_phantompdf
 
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. 2020-09-04 not yet calculated CVE-2020-12248
MISC
foxit — reader_and_phantompdf
 
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. 2020-09-04 not yet calculated CVE-2020-11493
MISC
freedombox — freedombox
 
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. 2020-09-02 not yet calculated CVE-2020-25073
MISC
ghostscript — ghostscript
 
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. 2020-09-03 not yet calculated CVE-2020-14373
MISC
MISC
MISC
gmapfp — gmapfp gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and can also upload files because of unrestricted file upload issues; the restrictions can be bypassed by changing the content-type and changing the file name to use double extensions. 2020-09-01 not yet calculated CVE-2020-23971
MISC
gnome_project — libxml2 GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). 2020-09-04 not yet calculated CVE-2020-24977
MISC
gnu — bison
 
An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file containing the character ‘\’ at the end while still in a character or a string. 2020-09-04 not yet calculated CVE-2020-24980
MISC
MISC
gnu — bison
 
A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash. 2020-09-04 not yet calculated CVE-2020-24979
MISC
MISC
gnupg — gnupg
 
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker’s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. 2020-09-03 not yet calculated CVE-2020-25125
MLIST
MLIST
MISC
MISC
MISC
MISC
gnutls — gnutls
 
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application’s error handling path, where the gnutls_deinit function is called after detecting a handshake failure. 2020-09-04 not yet calculated CVE-2020-24659
MISC
GENTOO
MISC
grunt — grunt
 
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. 2020-09-03 not yet calculated CVE-2020-7729
CONFIRM
CONFIRM
CONFIRM
CONFIRM
guangzhou_netease_computer_system — netease_mail_master Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. 2020-09-03 not yet calculated CVE-2020-24161
MISC
guangzhou_netease_computer_system — netease_youdao_dictionary NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. 2020-09-03 not yet calculated CVE-2020-24159
MISC
huawei — honor_20_pro_smartphones Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C185E3R5P1), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.212(C432E10R3P4), Versions earlier than 10.1.0.213(C636E3R4P3), Versions earlier than 10.1.0.214(C10E5R4P3), Versions earlier than 10.1.0.214(C185E3R3P3); Versions earlier than 10.1.0.212(C00E210R5P1); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C01E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R8P12); Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.225(C431E3R1P2), Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. 2020-09-03 not yet calculated CVE-2020-9235
MISC
huawei — mate_20_smartphones
 
HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service. 2020-09-03 not yet calculated CVE-2020-9083
MISC
huawei — multiple_products
 
B2368-22 V100R001C00; B2368-57 V100R001C00; B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. 2020-09-03 not yet calculated CVE-2020-9199
MISC
ibm — api_connect
 
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933. 2020-09-03 not yet calculated CVE-2020-4337
XF
CONFIRM
ibm — api_manager
 
IBM API Connect’s API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. 2020-09-03 not yet calculated CVE-2020-4638
XF
CONFIRM
ibm — aspera_connect
 
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. 2020-09-04 not yet calculated CVE-2020-4545
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187. 2020-09-04 not yet calculated CVE-2020-4702
XF
CONFIRM
ibm — infosphere_metadata_asset_manager
 
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. 2020-09-04 not yet calculated CVE-2020-4632
XF
CONFIRM
ibm — jazz_team_server IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397. 2020-09-02 not yet calculated CVE-2020-4522
XF
CONFIRM
ibm — jazz_team_server
 
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122. 2020-09-02 not yet calculated CVE-2020-4445
XF
CONFIRM
ibm — jazz_team_server
 
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314. 2020-09-02 not yet calculated CVE-2020-4546
XF
CONFIRM
ibm — spectrum_protect_operations_center
 
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. 2020-09-02 not yet calculated CVE-2020-4693
XF
CONFIRM
ignite_realtime — openfire
 
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute an arbitrary malicious URL via the vulnerable GET parameters “searchName”, “searchValue”, “searchDescription”, “searchDefaultValue”, “searchPlugin”, “searchDescription” and “searchDynamic” in the Server Properties and Security Audit Viewer JSP page 2020-09-02 not yet calculated CVE-2020-24602
MISC
ignite_realtime — openfire
 
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameters “searchName”, “alias” in the import certificate trusted page 2020-09-02 not yet calculated CVE-2020-24601
MISC
ignite_realtime — openfire
 
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request “searchName”, “searchValue”, “searchDescription”, “searchDefaultValue”, “searchPlugin”, “searchDescription” and “searchDynamic” in server-properties.jsp and security-audit-viewer.jsp 2020-09-02 not yet calculated CVE-2020-24604
MISC

kaspersky — security_center_and_security_center_web_console

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system. 2020-09-02 not yet calculated CVE-2020-25045
MISC
kaspersky — virus_removal_tool
 
Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. 2020-09-02 not yet calculated CVE-2020-25044
MISC
kaspersky — vpn_secure_connection The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. 2020-09-02 not yet calculated CVE-2020-25043
MISC
kde — ark
 
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user’s home directory. 2020-09-02 not yet calculated CVE-2020-24654
SUSE
CONFIRM
CONFIRM
CONFIRM
DEBIAN
laravel — laravel
 
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. 2020-09-04 not yet calculated CVE-2020-24940
MISC
laravel — laravel
 
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. 2020-09-04 not yet calculated CVE-2020-24941
MISC
lenovo — multiple_thinkpad_devices
 
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. 2020-09-01 not yet calculated CVE-2020-8341
MISC
lenovo — thinkpad_a285_devices
 
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access. 2020-09-01 not yet calculated CVE-2020-8335
MISC
librehealth — ehr
 
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. 2020-09-01 not yet calculated CVE-2020-23829
MISC
MISC
liferay — liferay_portal The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. 2020-09-01 not yet calculated CVE-2020-24554
MISC
CONFIRM
linux — linux_kernel A flaw was found in the Linux kernel’s implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. 2020-09-03 not yet calculated CVE-2020-10720
MISC
MISC
magmi — magmi
 
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than the Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a “Too many connections” error, then using the default magmi:magmi basic authentication to remotely bypass authentication. 2020-09-01 not yet calculated CVE-2020-5777
MISC
magmi — magmi
 
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. 2020-09-01 not yet calculated CVE-2020-5776
MISC
mara_cms — mara_cms
 
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. 2020-09-03 not yet calculated CVE-2020-25042
MISC
MISC
mcafee — true_key
 
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access another user’s passwords on the same machine via triggering a process dump in specific situations. 2020-09-04 not yet calculated CVE-2020-7299
CONFIRM
midnightbsd_and_freebsd — midnightbsd_and_freebsd A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. 2020-09-03 not yet calculated CVE-2020-24863
CONFIRM
MISC
CONFIRM
MISC
midnightbsd_and_freebsd — midnightbsd_and_freebsd In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). 2020-09-03 not yet calculated CVE-2020-24385
CONFIRM
MISC
milller — miller In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. 2020-09-02 not yet calculated CVE-2020-15167
CONFIRM
modicon — m218_logic_controller
 
An Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending a specific crafted IPv4 packet to the controller: sending a specific IPv4 protocol packet to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. 2020-08-31 not yet calculated CVE-2020-7524
MISC
multiple_vendors — multiple_products
 
All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements. 2020-09-01 not yet calculated CVE-2020-14514
MISC
multiux — multiux
 
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field. 2020-09-02 not yet calculated CVE-2020-17458
MISC
MISC
nasm — nasm
 
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. 2020-09-04 not yet calculated CVE-2020-24978
MISC
netapp — clustered_data_ontap Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. 2020-09-02 not yet calculated CVE-2020-8576
MISC
netgear — r8300_devices NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. 2020-09-01 not yet calculated CVE-2020-25067
MISC
noise-java — noise-java
 
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. 2020-09-04 not yet calculated CVE-2020-25022
MISC
FULLDISC
MISC
CONFIRM
noise-java — noise-java
 
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. 2020-09-04 not yet calculated CVE-2020-25023
MISC
FULLDISC
MISC
CONFIRM
noise-java — noise-java
 
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. 2020-09-04 not yet calculated CVE-2020-25021
MISC
FULLDISC
MISC
CONFIRM
open-xchange — ox_app_suite
 
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. 2020-08-31 not yet calculated CVE-2020-12646
MISC
open-xchange — ox_app_suite
 
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. 2020-08-31 not yet calculated CVE-2020-12643
FULLDISC
MISC
open-xchange — ox_app_suite
 
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. 2020-08-31 not yet calculated CVE-2020-12644
MISC
MISC
open-xchange — ox_app_suite
 
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. 2020-08-31 not yet calculated CVE-2020-12645
MISC
MISC
openfind — mail2000
 
Openfind Mail2000 contains a Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. 2020-09-01 not yet calculated CVE-2020-12776
CONFIRM
oscommerce — ce_phoenix Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. 2020-09-03 not yet calculated CVE-2020-12058
MISC
MISC
MISC
oswapp — warehouse_inventory_system A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin’s password after an authenticated admin visits a third-party site. 2020-09-01 not yet calculated CVE-2020-23836
MISC
MISC
pancake — pancake
 
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. 2020-09-03 not yet calculated CVE-2020-24876
MISC
php-fusion — php-fusion
 
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). 2020-09-03 not yet calculated CVE-2020-24949
MISC
phpkb — phpkb
 
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. 2020-09-03 not yet calculated CVE-2020-11579
MISC
MISC
MISC
MISC
project_acrn — acrn
 
Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and Denial of Service (DoS) for previously assigned PCIe devices to the Service VM at runtime. 2020-08-31 not yet calculated CVE-2020-15687
MISC
MISC
MISC
python_packaging_authority — python_package_index
 
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. 2020-09-04 not yet calculated CVE-2019-20916
MISC
MISC
MISC
qemu — qemu
 
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. 2020-08-31 not yet calculated CVE-2020-12829
MISC
UBUNTU
raonwiz — roan_kupload RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier. 2020-09-02 not yet calculated CVE-2020-7830
MISC
rapid7 — metasploit
 
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server. 2020-09-01 not yet calculated CVE-2019-5645
MISC
rapid7 — nexpose
 
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40. 2020-09-03 not yet calculated CVE-2020-7382
CONFIRM
rapid7 — nexpose
 
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name. 2020-09-03 not yet calculated CVE-2020-7381
CONFIRM
razer_chroma — sdk_rest_server
 
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under “%PROGRAMDATA%\Razer Chroma\SDK\Apps” can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step. 2020-09-02 not yet calculated CVE-2020-16602
MISC
MISC
MISC
real_time_logic — barracudadrive
 
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem. 2020-09-04 not yet calculated CVE-2020-23834
MISC
MISC
red_lion — n-tron_702-w_and_n-tron_702m12-w_devices The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). 2020-09-01 not yet calculated CVE-2020-16208
MISC
FULLDISC
MISC
sagemcom — f@st_5280_routers
 
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise. 2020-09-01 not yet calculated CVE-2020-24034
MISC
FULLDISC
MISC
MISC
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020). 2020-08-31 not yet calculated CVE-2020-25054
MISC
senstar — symphony
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980. 2020-09-01 not yet calculated CVE-2020-17405
N/A
setelsa — conacwin
 
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http://IP:PORT/../../path/file_to_disclose Directory Traversal URI. 2020-09-03 not yet calculated CVE-2020-25068
MISC
MISC
MISC
shenzhen_tencent_computer_system — tencent_app_pc The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. 2020-09-03 not yet calculated CVE-2020-24162
MISC
shenzhen_tencent_computer_system — tim_windows_client Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. 2020-09-03 not yet calculated CVE-2020-24160
MISC
silverstripe-advancereports — silverstripe-advancereports silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. 2020-09-03 not yet calculated CVE-2020-25102
MISC
MISC
sourcecodester — daily_tracker_system A SQL injection vulnerability in login in SourceCodester Daily Tracker System 1.0 allows an unauthenticated user to execute an authentication bypass with SQL injection via the email parameter. 2020-09-03 not yet calculated CVE-2020-24193
MISC
MISC
sourcecodester — stock_management_system
 
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim’s username when they visit a third-party site. 2020-09-02 not yet calculated CVE-2020-23830
MISC
MISC
spiceworks — spiceworks
 
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed in the Custom Groups function is vulnerable to stored XSS, as names are displayed on http://127.0.0.1/inventory/groups/ without output sanitization. 2020-09-01 not yet calculated CVE-2020-23450
MISC
MISC
MISC

squid — squid

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. 2020-09-02 not yet calculated CVE-2020-15811
SUSE
MISC
FEDORA
FEDORA
UBUNTU
DEBIAN
squid — squid
 
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. 2020-09-02 not yet calculated CVE-2020-15810
SUSE
MISC
FEDORA
FEDORA
UBUNTU
DEBIAN
stmicroelectronics — stm32f103_devices STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. 2020-08-31 not yet calculated CVE-2020-13466
MISC
superantispyware — professional_x_trail
 
SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware. 2020-09-01 not yet calculated CVE-2020-24955
MISC
MISC
suse — multiple_products
 
An Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1. 2020-09-01 not yet calculated CVE-2020-8023
CONFIRM
suse — opensuse_open_build_service
 
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there. This issue affects: openSUSE Open Build Service. 2020-09-01 not yet calculated CVE-2018-12475
CONFIRM
symfony — symfony
 
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5. 2020-09-02 not yet calculated CVE-2020-15094
MISC
CONFIRM
MISC
MISC
teamwire — teamwire
 
The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. 2020-09-02 not yet calculated CVE-2020-12621
MISC
MISC
tenda — ac18_router Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of the vulnerable logincheck() function in the /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to “radius”. 2020-09-04 not yet calculated CVE-2020-24987
MISC
MISC
texas_instruments — simplelink-cc2640r2-sdk The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device’s function by establishing an encrypted session with an unauthenticated Long Term Key (LTK). 2020-08-31 not yet calculated CVE-2020-13593
MISC
MISC
MISC
thomson_and_philips — tht741fta_and_dtr3502bfta_dvb-t2_devices THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. 2020-08-31 not yet calculated CVE-2020-11618
MISC
thomson_and_philips — tht741fta_and_dtr3502bfta_dvb-t2_devices
 
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn’t validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. 2020-08-31 not yet calculated CVE-2020-11617
MISC
thomson_reuters — eikon
 
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions. 2020-09-03 not yet calculated CVE-2019-10679
MISC
FULLDISC
MISC
MISC
MISC
tp-link — tl-wa855re_v5_devices TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. 2020-08-31 not yet calculated CVE-2020-24363
MISC
MISC
MISC
trading_technologies_messaging — trading_technologies_messaging A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It’s been observed that ttmd.exe terminates as a result. 2020-09-02 not yet calculated CVE-2020-5779
MISC
trading_technologies_messaging — trading_technologies_messaging A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe. 2020-09-02 not yet calculated CVE-2020-5778
MISC
trend_micro — apex_one A vulnerability in a Trend Micro Apex One dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2020-09-01 not yet calculated CVE-2020-24558
MISC
MISC
trend_micro — apex_one_and_officescan_xg_sp1 A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. 2020-09-01 not yet calculated CVE-2020-24556
MISC
MISC
MISC
trend_micro — apex_one_on_macos A vulnerability in Trend Micro Apex One on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2020-09-01 not yet calculated CVE-2020-24559
MISC
MISC
trend_micro — apex_one_on_microsoft_windows A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. 2020-09-01 not yet calculated CVE-2020-24557
MISC
MISC
trusted_firmware — mbed_tls A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. 2020-09-02 not yet calculated CVE-2020-16150
MISC
CONFIRM
typo3 — typo3 The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). 2020-09-02 not yet calculated CVE-2020-25025
MISC
CONFIRM
typo3 — typo3 The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control. 2020-09-02 not yet calculated CVE-2020-25026
MISC
CONFIRM
u-root — u-root This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. 2020-09-01 not yet calculated CVE-2020-7669
CONFIRM
CONFIRM
ucms — ucms An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. 2020-09-04 not yet calculated CVE-2020-24981
MISC
vmware — rabbitmq RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. 2020-08-31 not yet calculated CVE-2020-5419
CONFIRM
whatsapp — multiple_products A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices. 2020-09-03 not yet calculated CVE-2020-1891
CONFIRM
whatsapp — multiple_products A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message. 2020-09-03 not yet calculated CVE-2020-1894
CONFIRM
whatsapp — whatsapp_desktop An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message. 2020-09-03 not yet calculated CVE-2019-11928
CONFIRM
whatsapp — whatsapp_desktop A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process. 2020-09-03 not yet calculated CVE-2020-1889
CONFIRM
whatsapp — whatsapp_for_android_and_whatsapp_business_for_android A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction. 2020-09-03 not yet calculated CVE-2020-1890
CONFIRM
whatsapp — whatsapp_for_android_and_whatsapp_business_for_android A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call. 2020-09-03 not yet calculated CVE-2020-1886
CONFIRM
wordpress — wordpress lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. 2020-08-31 not yet calculated CVE-2020-20626
MISC
wordpress — wordpress The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. 2020-08-31 not yet calculated CVE-2020-20627
MISC
wordpress — wordpress The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. 2020-09-03 not yet calculated CVE-2020-24948
MISC
xpdf — xpdf There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2020-09-03 not yet calculated CVE-2020-24999
MISC
xpdf — xpdf There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2020-09-03 not yet calculated CVE-2020-24996
MISC
xxl-job — xxl-job xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. 2020-09-03 not yet calculated CVE-2020-23811
MISC
zoho — manageengine_applications_manager Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. 2020-09-04 not yet calculated CVE-2020-14008
MISC
MISC
MISC
zoho — manageengine_exchange_reporter_plus An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise. 2020-08-31 not yet calculated CVE-2020-24786
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
zte — zxiptv_and_zxiptv-web-pv A ZTE product is impacted by a cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for an account credential enumeration attack or a brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. 2020-09-01 not yet calculated CVE-2020-6874
MISC
zte — zxr1-_2800-4_almpufb(low) A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40. 2020-09-01 not yet calculated CVE-2020-6873
MISC
zyxel — vmg5313-b30b_router Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by insecure permissions which allow regular and other users to create new users with elevated privileges. This is done by changing the “FirstIndex” field in the JSON that is POST-ed during account creation. Similar may also be possible with account deletion. 2020-09-02 not yet calculated CVE-2020-24355
MISC
MISC
MISC

Original release date: August 31, 2020

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
13enforme — 13enforme_cms 13enforme CMS 1.0 has SQL Injection via the ‘content.php’ id parameter. 2020-08-27 7.5 CVE-2020-23979
MISC
cellopoint — cellos Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system. 2020-08-25 9 CVE-2020-17384
MISC
ibm — connect\ IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578. 2020-08-24 7.2 CVE-2020-4587
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. 2020-08-26 9 CVE-2019-4713
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. 2020-08-26 7.5 CVE-2019-4694
XF
CONFIRM
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501. 2020-08-25 9 CVE-2020-15642
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549. 2020-08-25 9 CVE-2020-15643
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550. 2020-08-25 9 CVE-2020-15644
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553. 2020-08-25 9 CVE-2020-15645
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565. 2020-08-25 9 CVE-2020-17387
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799. 2020-08-25 9 CVE-2020-17388
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502. 2020-08-25 9 CVE-2020-17389
MISC
MISC
moog — exvf5c-2_firmware The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. 2020-08-21 10 CVE-2020-24051
MISC
MISC
moog — exvf5c-2_firmware The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a ‘statusbroadcast’ command that can spawn a given process repeatedly at a certain time interval as ‘root’. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as ‘${IFS}’. As a result, an attacker can execute arbitrary commands as ‘root’ on the units. 2020-08-21 10 CVE-2020-24054
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. 2020-08-21 7.2 CVE-2020-9063
MISC
MISC
MISC
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. 2020-08-21 7.2 CVE-2020-10126
MISC
MISC
nextcloud — nextcloud Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. 2020-08-21 7.1 CVE-2020-8227
MISC
MISC
safe-eval_project — safe-eval This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. 2020-08-21 7.5 CVE-2020-7710
MISC
MISC
sierrawireless — aleos A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. 2020-08-21 9 CVE-2019-11859
MISC
sintef — urx Universal Robots controller executes URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could ‘cook’ a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system. 2020-08-21 7.2 CVE-2020-10290
CONFIRM
softing — opc In Softing Industrial Automation, all versions prior to the latest build of version 4.47.0, the affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. 2020-08-25 7.5 CVE-2020-14524
MISC
soluzioneglobale — ecommerce_cms SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter “offerta.php”. 2020-08-27 7.5 CVE-2020-23978
MISC
MISC
verint — 5620ptz_firmware Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable ‘/usr/sbin/DM’ that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication. 2020-08-21 7.5 CVE-2020-24055
MISC
MISC
verint — s5120fd_firmware The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint (‘ipfilter.cgi’) that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as ‘root’. 2020-08-21 9 CVE-2020-24057
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
13enforme — 13enforme_cms 13enforme CMS 1.0 has Cross Site Scripting via the “content.php” id parameter. 2020-08-27 4.3 CVE-2020-23981
MISC
asus — rt-ac1900p_firmware An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. 2020-08-26 4.3 CVE-2020-15499
MISC
cellopoint — cellos Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. 2020-08-25 4 CVE-2020-17386
MISC
cellopoint — cellos Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input, which allows an unauthorized user to launch a Path Traversal attack and access arbitrary files on the system. 2020-08-25 5 CVE-2020-17385
MISC
cisco — data_center_network_manager A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. 2020-08-26 5.5 CVE-2020-3519
CISCO
cisco — data_center_network_manager A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with a low-privileged account could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to read arbitrary files on the affected system. 2020-08-26 4 CVE-2020-3521
CISCO
cloudfoundry — cf-deployment Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. 2020-08-21 4 CVE-2020-5416
CONFIRM
cloudfoundry — cf-deployment Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components. 2020-08-21 6.5 CVE-2020-5417
CONFIRM
codiad — codiad ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder’s name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.” 2020-08-25 4.3 CVE-2020-14042
MISC
MISC
cogboard — red_discord_bot In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module’s leaderboard command. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11. 2020-08-21 5.5 CVE-2020-15140
MISC
CONFIRM
cogboard — red_discord_bot Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted “going live” messages to inject code into the Streams module’s going live message. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue. 2020-08-21 6 CVE-2020-15147
MISC
MISC
CONFIRM
cybersolutions — cybermail Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. 2020-08-25 4.3 CVE-2020-5540
MISC
MISC
cybersolutions — cybermail Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. 2020-08-25 5.8 CVE-2020-5541
MISC
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function form ‘Name’ in dbhcms\types.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users. 2020-08-24 4.3 CVE-2020-19880
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of the $_GET[‘dbhcms_pid’] variable in dbhcms\page.php line 107. 2020-08-24 4.3 CVE-2020-19879
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a sensitive information leak vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information. 2020-08-24 5 CVE-2020-19878
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. 2020-08-24 5 CVE-2020-19877
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has an unauthorized operation vulnerability because there’s no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table. 2020-08-24 4.3 CVE-2020-19888
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has an arbitrary file read vulnerability in dbhcms\mod\mod.editor.php: $_GET[‘file’] is the filename, and as there is no filter function for security, you can read any file’s content. 2020-08-24 4 CVE-2020-19890
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST[‘updatefile’] is the filename and $_POST[‘tinymce_content’] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. 2020-08-24 6.5 CVE-2020-19891
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcms_pid=-70, which can add a user. 2020-08-24 6.8 CVE-2020-19889
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for /index.php?dbhcms_pid=-80&deletemenu=9, which can delete any menu. 2020-08-24 4.3 CVE-2020-19886
MISC
dolibarr — dolibarr Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which “disabled” is changed to “enabled” in the HTML source code. 2020-08-21 4 CVE-2020-14201
CONFIRM
MISC
elementor — elementor_page_builder Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. 2020-08-21 4 CVE-2020-20634
MISC
gog — galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based “trusted client” protection mechanism. 2020-08-21 6.9 CVE-2020-24574
MISC
MISC
MISC
goxmldsig_project — goxmldsig This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. 2020-08-23 5 CVE-2020-7711
MISC
MISC
huawei — fusioncompute FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. 2020-08-21 4 CVE-2020-9246
MISC
ibm — elastic_storage_server IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165. 2020-08-24 4 CVE-2020-4383
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. 2020-08-26 5 CVE-2019-4686
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. 2020-08-26 4 CVE-2019-4697
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. 2020-08-26 4.3 CVE-2019-4688
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. 2020-08-26 4 CVE-2019-4699
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826. 2020-08-26 5 CVE-2019-4689
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. 2020-08-26 5 CVE-2019-4692
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. 2020-08-26 5 CVE-2019-4698
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. 2020-08-26 5 CVE-2019-4701
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. 2020-08-26 5 CVE-2018-1501
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. 2020-08-27 5 CVE-2020-4166
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406. 2020-08-24 4.3 CVE-2020-4170
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. 2020-08-27 4 CVE-2020-4171
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. 2020-08-27 5 CVE-2020-4174
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. 2020-08-27 5 CVE-2020-4169
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. 2020-08-27 5 CVE-2020-4172
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. 2020-08-27 6.5 CVE-2020-4603
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms. IBM X-Force ID: 174403. 2020-08-27 6.4 CVE-2020-4167
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. 2020-08-24 5.8 CVE-2020-4598
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. 2020-08-27 4.3 CVE-2020-4575
XF
CONFIRM
instructure — canvas_learning_management_service Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. 2020-08-21 5 CVE-2020-5775
MISC
isc — bind In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND that was built with “--enable-native-pkcs11”; be signing one or more zones with an RSA key; and be able to receive queries from a possible attacker. 2020-08-21 4.3 CVE-2020-8623
CONFIRM
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
UBUNTU
DEBIAN
CONFIRM
isc — bind In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and ‘forward first’ then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that ‘forward only’ are not affected. 2020-08-21 4.3 CVE-2020-8621
CONFIRM
GENTOO
CONFIRM
UBUNTU
CONFIRM
isc — bind In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. 2020-08-21 5 CVE-2020-8620
CONFIRM
GENTOO
CONFIRM
UBUNTU
CONFIRM
isc — bind In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. 2020-08-21 4 CVE-2020-8622
CONFIRM
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CONFIRM
isc — bind In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone’s content could abuse these unintended additional privileges to update other contents of the zone. 2020-08-21 4 CVE-2020-8624
CONFIRM
FEDORA
FEDORA
GENTOO
CONFIRM
UBUNTU
DEBIAN
CONFIRM
joomla — joomla! An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. 2020-08-26 5.8 CVE-2020-24598
MISC
joomla — joomla! An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. 2020-08-26 4.3 CVE-2020-24599
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499. 2020-08-25 5 CVE-2020-15641
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497. 2020-08-25 5 CVE-2020-15640
MISC
MISC
mongodb — mongodb A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem’s support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19. 2020-08-21 4 CVE-2020-7923
MISC
MLIST
moog — exvf5c-2_firmware Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. 2020-08-21 5 CVE-2020-24053
MISC
MISC
moog — exvf5c-2_firmware Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. 2020-08-21 6.4 CVE-2020-24052
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. 2020-08-21 4.6 CVE-2020-10125
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. 2020-08-21 4.4 CVE-2020-10124
MISC
MISC
nexusdb — nexusdb NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. 2020-08-21 5 CVE-2020-24571
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11304. 2020-08-25 4.6 CVE-2020-17400
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134. 2020-08-25 4.6 CVE-2020-17395
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519. 2020-08-25 4.6 CVE-2020-17392
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11217. 2020-08-25 4.6 CVE-2020-17396
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11303. 2020-08-25 4.6 CVE-2020-17399
MISC
MISC
philips — dreammapper Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. 2020-08-21 5 CVE-2020-14518
MISC
philips — suresigns_vs4_firmware Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. 2020-08-21 4 CVE-2020-16239
MISC
postgresql — postgresql It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. 2020-08-24 6.5 CVE-2020-14349
SUSE
SUSE
SUSE
MISC
GENTOO
postgresql — postgresql It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. 2020-08-24 4.4 CVE-2020-14350
SUSE
SUSE
SUSE
SUSE
MISC
DEBIAN
GENTOO
redhat — ansible A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. 2020-08-26 6.1 CVE-2019-14904
MISC
MISC
secomea — gatemanager_8250_firmware GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. 2020-08-25 5 CVE-2020-14512
MISC
sierrawireless — aleos Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. 2020-08-21 6.5 CVE-2019-11858
MISC
sierrawireless — aleos The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. 2020-08-21 4.6 CVE-2019-11862
MISC
sierrawireless — aleos Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. 2020-08-21 4 CVE-2019-11857
MISC
softing — opc Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. 2020-08-25 5 CVE-2020-14522
MISC
techkshetrainfo — savsoft_quiz TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. 2020-08-25 4.3 CVE-2020-24609
MISC
verint — 5620ptz_firmware A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. 2020-08-21 5 CVE-2020-24056
MISC
MISC
vmware — cloud_foundation VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. 2020-08-21 5 CVE-2020-3976
MISC
webdesi9 — file_manager mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. 2020-08-26 5 CVE-2020-24312
MISC
wolfssl — wolfssl An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. 2020-08-21 5 CVE-2020-12457
MISC
CONFIRM
wolfssl — wolfssl An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). 2020-08-21 6.9 CVE-2020-15309
CONFIRM
wolfssl — wolfssl An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. 2020-08-21 5 CVE-2020-24585
MISC
MISC
wso2 — api_manager The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. 2020-08-21 6.4 CVE-2020-24589
MISC
wso2 — api_manager The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. 2020-08-21 6.4 CVE-2020-24590
MISC
wso2 — api_manager The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. 2020-08-21 5.5 CVE-2020-24591
MISC
zulip — zulip_server Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. 2020-08-21 6.5 CVE-2020-15070
CONFIRM
zulip — zulip_server Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. 2020-08-21 5.8 CVE-2020-14194
CONFIRM
zulip — zulip_server Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. 2020-08-21 5 CVE-2020-14215
CONFIRM
zulip — zulip_server Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. 2020-08-21 4.3 CVE-2020-12759
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — data_center_network_manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-26 3.5 CVE-2020-3439
CISCO
cisco — data_center_network_manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-26 3.5 CVE-2020-3518
CISCO
cisco — data_center_network_manager A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege. 2020-08-26 2.1 CVE-2020-3520
CISCO
cookielawinfo — gdpr_cookie_consent ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. 2020-08-21 3.5 CVE-2020-20633
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. 2020-08-24 3.5 CVE-2020-19884
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the $_POST['pageparam_insert_description'] variable in dbhcms\mod\mod.page.edit.php line 227. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19887
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the $_POST['pageparam_insert_name'] variable in dbhcms\mod\mod.page.edit.php line 227. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19885
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19883
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19882
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for the $_GET['return_name'] parameter. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19881
MISC
dieboldnixdorf — probase Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. 2020-08-21 2.1 CVE-2020-9062
MISC
exceedone — exment Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. 2020-08-25 3.5 CVE-2020-5619
MISC
MISC
exceedone — exment Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. 2020-08-25 3.5 CVE-2020-5620
MISC
MISC
huawei — p30_firmware HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5), Versions earlier than 10.1.0.123(C432E22R2P5), Versions earlier than 10.1.0.126(C10E7R5P1), Versions earlier than 10.1.0.126(C185E4R7P1), Versions earlier than 10.1.0.126(C461E7R3P1), Versions earlier than 10.1.0.126(C605E19R1P3), Versions earlier than 10.1.0.126(C636E7R3P4), Versions earlier than 10.1.0.128(C635E3R2P4), Versions earlier than 10.1.0.160(C00E160R2P11), Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In a specific scenario, due to improper resource management and a memory leak in some feature, an attacker could exploit this vulnerability to cause the device to reset. 2020-08-21 3.3 CVE-2020-9104
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Some functions lack verification when they process some messages sent from other modules. Attackers can exploit this vulnerability by sending a malicious message to cause an integer overflow. This can compromise normal service. 2020-08-21 2.1 CVE-2020-9095
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read vulnerability. Some functions lack verification when they process some messages sent from other modules. Attackers can exploit this vulnerability by sending a malicious message to cause an out-of-bounds read. This can compromise normal service. 2020-08-21 2.1 CVE-2020-9096
MISC
ibm — elastic_storage_server IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. 2020-08-24 2.1 CVE-2020-4382
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. 2020-08-26 3.5 CVE-2019-4691
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. 2020-08-26 2.1 CVE-2019-4695
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 171831. 2020-08-26 2.1 CVE-2019-4693
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184747. 2020-08-24 2.1 CVE-2020-4593
XF
CONFIRM
mcafee — total_protection Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect McAfee file operations to an unintended file. 2020-08-21 3.3 CVE-2020-7310
CONFIRM
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module “Configuration.” 2020-08-26 3.5 CVE-2020-23657
MISC
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module “Content.” 2020-08-26 3.5 CVE-2020-23656
MISC
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module “Shop.” 2020-08-26 3.5 CVE-2020-23654
MISC
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module “Configuration.” 2020-08-26 3.5 CVE-2020-23655
MISC
ncr — aptra_xfs The currency dispenser of NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. 2020-08-21 2.1 CVE-2020-10123
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed any HTML (including local links) to be presented when responding with invalid data on the login attempt. 2020-08-21 3.5 CVE-2020-8189
MISC
MISC
osticket — osticket osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. 2020-08-26 3.5 CVE-2020-16193
MISC
CONFIRM
parallels — parallels_desktop This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a pointer being leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520. 2020-08-25 2.1 CVE-2020-17393
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302. 2020-08-25 2.1 CVE-2020-17398
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363. 2020-08-25 2.1 CVE-2020-17401
MISC
MISC
philips — suresigns_vs4_firmware Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. 2020-08-21 2.1 CVE-2020-16241
MISC
philips — suresigns_vs4_firmware Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. 2020-08-21 2.1 CVE-2020-16237
MISC
tenable — nessus Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session. 2020-08-21 3.6 CVE-2020-5774
MISC
vmware — app_volumes VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups may be able to inject malicious script which will be executed by a victim’s browser when viewing. 2020-08-21 3.5 CVE-2020-3975
MISC
webport_project — webport WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the “connections” feature. 2020-08-26 3.5 CVE-2020-23659
MISC
webtareas_project — webtareas webTareas v2.1 is affected by Cross Site Scripting (XSS) on “Search.” 2020-08-26 3.5 CVE-2020-23660
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advantech — iview
 
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. 2020-08-25 not yet calculated CVE-2020-16245
MISC
akamai — enterprise_access_client
 
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. 2020-08-26 not yet calculated CVE-2019-18847
MISC
MISC
aruba — intelligent_edge_switch_series
 
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. 2020-08-26 not yet calculated CVE-2019-5320
MISC
aruba — intelligent_edge_switch_series
 
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI. 2020-08-26 not yet calculated CVE-2019-5321
MISC
asus — rt-ac1900p_routers
 
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to the wget tool used to download firmware update files. 2020-08-26 not yet calculated CVE-2020-15498
MISC
atlassian — table_filter_and_charts_for_confluence_server
 
The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the “Table from CSV” macro (URL parameter). 2020-08-29 not yet calculated CVE-2020-24898
MISC
atlassian — table_filter_and_charts_for_confluence_server
 
The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the “Table from CSV” macro. 2020-08-29 not yet calculated CVE-2020-24897
MISC
basercms — basercms
 
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. 2020-08-28 not yet calculated CVE-2020-15154
MISC
CONFIRM
basercms — basercms
 
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. 2020-08-28 not yet calculated CVE-2020-15159
MISC
MISC
CONFIRM
basercms — basercms
 
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. 2020-08-28 not yet calculated CVE-2020-15155
MISC
MISC
CONFIRM
chameleon — mini_live_debugger
 
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered with by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. 2020-08-28 not yet calculated CVE-2020-15165
CONFIRM
MISC
cisco — connected_mobile_experiences
 
A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials. 2020-08-26 not yet calculated CVE-2020-3151
CISCO
cisco — connected_mobile_experiences
 
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials. 2020-08-26 not yet calculated CVE-2020-3152
CISCO
cisco — data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges. 2020-08-26 not yet calculated CVE-2020-3522
CISCO
cisco — data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-08-26 not yet calculated CVE-2020-3523
CISCO
cisco — discovery_protocol
 
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-08-26 not yet calculated CVE-2020-3506
CISCO
cisco — discovery_protocol
 
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-08-26 not yet calculated CVE-2020-3507
CISCO
cisco — discovery_protocol
 
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-08-26 not yet calculated CVE-2020-3505
CISCO
cisco — dna_center
 
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-26 not yet calculated CVE-2020-3466
CISCO
cisco — fabric_services
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. 2020-08-27 not yet calculated CVE-2020-3517
CISCO
cisco — hyperflex_hx-series
 
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device. 2020-08-26 not yet calculated CVE-2020-3389
CISCO
cisco — ios_xr_software
 
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. 2020-08-29 not yet calculated CVE-2020-3566
CISCO
cisco — nexus_3000_series_switches
 
A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default. 2020-08-27 not yet calculated CVE-2020-3394
CISCO
cisco — nx-os_software
 
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. 2020-08-27 not yet calculated CVE-2020-3398
CISCO
cisco — nx-os_software
 
A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS. 2020-08-27 not yet calculated CVE-2020-3454
CISCO
cisco — nx-os_software
 
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. 2020-08-27 not yet calculated CVE-2020-3397
CISCO
cisco — nx-os_software
 
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device. 2020-08-27 not yet calculated CVE-2020-3415
CISCO
cisco — nx-os_software
 
A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device. 2020-08-27 not yet calculated CVE-2020-3338
CISCO
cisco — small_business_smart_and_managed_switches
 
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. 2020-08-26 not yet calculated CVE-2020-3496
CISCO
cisco — smart_software_manager_on-prem
 
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. 2020-08-26 not yet calculated CVE-2020-3443
CISCO
cisco — ucs_manager_software
 
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI. 2020-08-27 not yet calculated CVE-2020-3504
CISCO
cisco — virtual_wide_area_application_services
 
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. 2020-08-26 not yet calculated CVE-2020-3446
CISCO
cisco — vision_dynamic_sinage_director
 
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. 2020-08-26 not yet calculated CVE-2020-3485
CISCO
cisco — vision_dynamic_sinage_director
 
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system. 2020-08-26 not yet calculated CVE-2020-3490
CISCO
cisco — vision_dynamic_sinage_director
 
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. 2020-08-26 not yet calculated CVE-2020-3491
CISCO
cisco — vision_dynamic_sinage_director
 
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device. 2020-08-26 not yet calculated CVE-2020-3484
CISCO
cisco — webex_meetings_desktop_app
 
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. 2020-08-26 not yet calculated CVE-2020-3440
CISCO
codecanyon — online_hotel_booking_system_pro
 
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. 2020-08-27 not yet calculated CVE-2020-23984
MISC
create-project_manager — create-project_manager
 
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags). 2020-08-27 not yet calculated CVE-2020-23974
MISC
MISC
dell — emc_onefs
 
Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contain a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart. 2020-08-27 not yet calculated CVE-2020-5383
MISC
designmasterevents — designmasterevents
 
DesignMasterEvents Conference management 1.0.0 has cross site scripting via ‘certificate.php’. 2020-08-27 not yet calculated CVE-2020-23982
MISC
MISC
designmasterevents — designmasterevents
 
DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. 2020-08-27 not yet calculated CVE-2020-23980
MISC
MISC
dr_trust — ecg_pen_devices
 
An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcast while a measurement is being done. Saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity. 2020-08-26 not yet calculated CVE-2020-15486
MISC
edgemax — edgeswitch
 
A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by command injection. 2020-08-21 not yet calculated CVE-2020-8234
MISC
MISC
MISC
ericom — access_server
 
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides “Cannot connect to” error messages to inform the attacker about closed ports. 2020-08-26 not yet calculated CVE-2020-24548
MISC
MISC
ericsson — ipecs
 
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modifying the cookie value sent to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. 2020-08-25 not yet calculated CVE-2020-7824
MISC
MISC
expo — secure-store
 
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. 2020-08-26 not yet calculated CVE-2020-24653
MISC
eyesofnetwork — eonweb
 
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. 2020-08-27 not yet calculated CVE-2020-24390
CONFIRM
CONFIRM
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process’s dump command does not follow current best coding practices and may overwrite arbitrary files. 2020-08-26 not yet calculated CVE-2020-5912
MISC
f5 — big-ip
 
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. 2020-08-26 not yet calculated CVE-2020-5922
MISC
f5 — big-ip
 
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts server-side connections and may result in a man-in-the-middle attack on the connections. 2020-08-26 not yet calculated CVE-2020-5913
MISC
f5 — big-ip
 
In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. 2020-08-26 not yet calculated CVE-2020-5928
MISC
f5 — big-ip
 
In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, the BIG-IP ASM Configuration utility is affected by stored cross-site scripting (XSS). 2020-08-26 not yet calculated CVE-2020-5927
MISC
f5 — big-ip
 
In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed server cookie scenario may cause BD to restart under some circumstances. 2020-08-26 not yet calculated CVE-2020-5914
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are set up in a device trust. 2020-08-26 not yet calculated CVE-2020-5915
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, a SYN flood causes a large number of MCPD context messages destined to secondary blades, consuming memory and leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected. 2020-08-26 not yet calculated CVE-2020-5921
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. 2020-08-26 not yet calculated CVE-2020-5916
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. 2020-08-26 not yet calculated CVE-2020-5917
MISC
f5 — big-ip
 
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding. 2020-08-26 not yet calculated CVE-2020-5919
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. 2020-08-26 not yet calculated CVE-2020-5926
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. 2020-08-26 not yet calculated CVE-2020-5925
MISC
f5 — big-ip
 
In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. 2020-08-26 not yet calculated CVE-2020-5924
MISC
f5 — big-ip
 
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses. 2020-08-26 not yet calculated CVE-2020-5923
MISC
f5 — big-ip
 
In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. 2020-08-26 not yet calculated CVE-2020-5920
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. 2020-08-26 not yet calculated CVE-2020-5918
MISC
fedora — fedora
 
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user’s U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. 2020-08-24 not yet calculated CVE-2020-24612
MISC
MISC
fedora — fedora
 
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it’s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. 2020-08-24 not yet calculated CVE-2020-14367
MISC
FEDORA
GENTOO
fluidbyte — codiad
 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.” 2020-08-24 not yet calculated CVE-2020-14044
MISC
MISC
fluidbyte — codiad
 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn’t CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.” 2020-08-24 not yet calculated CVE-2020-14043
MISC
MISC
fossil — fossil
 
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. 2020-08-25 not yet calculated CVE-2020-24614
MLIST
MISC
CONFIRM
MISC
foxit — studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003. 2020-08-25 not yet calculated CVE-2020-17403
MISC
MISC
foxit — studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191. 2020-08-25 not yet calculated CVE-2020-17404
MISC
MISC
github — enterprise_server
 
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. 2020-08-27 not yet calculated CVE-2020-10517
CONFIRM
CONFIRM
CONFIRM
github — enterprise_server
 
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. 2020-08-27 not yet calculated CVE-2020-10518
MISC
MISC
MISC
gnome — geary
 
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. 2020-08-26 not yet calculated CVE-2020-24661
MISC
gnu — bison
 
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a ‘\0’ byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. 2020-08-25 not yet calculated CVE-2020-24240
MISC
MISC
MISC
gnupg — gnupg
 
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. 2020-08-29 not yet calculated CVE-2020-24972
MISC
MISC
GENTOO
grafana_labs — grafana
 
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. 2020-08-28 not yet calculated CVE-2019-19499
MISC
halo — halo
 
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The JavaScript code supplied by the attacker will then execute in the victim user’s browser. 2020-08-26 not yet calculated CVE-2020-19007
MISC
hashicorp — vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. 2020-08-26 not yet calculated CVE-2020-16251
MISC
MISC
hashicorp — vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. 2020-08-26 not yet calculated CVE-2020-16250
MISC
MISC
hivemq — broker_control_center
 
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker’s JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator’s account of the Broker. 2020-08-26 not yet calculated CVE-2020-13821
MISC
MISC
hms_industrial_networks_ab — ecatcher
 
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. 2020-08-26 not yet calculated CVE-2020-14498
MISC
hoosk — codeigniter
 
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker lures an authenticated admin user to a malicious web page, any account can be deleted without the admin user’s intent. 2020-08-28 not yet calculated CVE-2020-16610
MISC
CONFIRM
ibm — resilient_soar
 
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. 2020-08-28 not yet calculated CVE-2019-4579
XF
CONFIRM
ibm — resilient_soar
 
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589. 2020-08-28 not yet calculated CVE-2019-4533
XF
CONFIRM
ibm — security_guardium_insights
 
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684. 2020-08-27 not yet calculated CVE-2020-4175
XF
CONFIRM
ibm — security_guardium_insights
 
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. 2020-08-24 not yet calculated CVE-2020-4165
XF
CONFIRM
ibm — spectrum_protect_server
 
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. 2020-08-28 not yet calculated CVE-2020-4591
XF
CONFIRM
ibm — spectrum_protect
 
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. 2020-08-28 not yet calculated CVE-2020-4559
XF
CONFIRM
ibm — trusteer_rapport/apex
 
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. 2020-08-24 not yet calculated CVE-2018-1985
XF
CONFIRM
inogard — ebiz4u
 
A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use the startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however. 2020-08-24 not yet calculated CVE-2020-7831
MISC
jackson — jackson
 
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). 2020-08-25 not yet calculated CVE-2020-24616
MISC
MISC
jetbrains — youtrack
 
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. 2020-08-27 not yet calculated CVE-2020-24618
MISC
MISC
jitsi — meet_electron
 
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. 2020-08-29 not yet calculated CVE-2020-25019
MISC
MISC
MISC
joomla — component_gmapfp
 
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files, because the unrestricted file upload checks can be bypassed by changing the content-type and giving the file name a double extension. 2020-08-27 not yet calculated CVE-2020-23972
MISC
kandnconcepts_club — kandnconcepts_club
 
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the ‘team.php,player.php,club.php’ id parameter. 2020-08-27 not yet calculated CVE-2020-23977
MISC
kandnconcepts_club — kandnconcepts_club
 
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the ‘team.php,player.php,club.php’ id parameter. 2020-08-27 not yet calculated CVE-2020-23973
MISC
libiec61850 — libiec61850
 
In libIEC61850 before version 1.4.3, when a message with a COTP message length field with value < 4 is received, an integer underflow will happen, leading to a heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround, changes of commit 033ab5b can be applied to older versions. 2020-08-26 not yet calculated CVE-2020-15158
MISC
MISC
CONFIRM
maltego — maltego
 
Maltego before 4.2.12 allows XXE attacks. 2020-08-26 not yet calculated CVE-2020-24656
MISC
MISC
marvell — qconvergeconsole
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. 2020-08-25 not yet calculated CVE-2020-15639
MISC
MISC
maven — gradle_enterprise
 
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are deserialized by a Java standard library ObjectInputStream. This ObjectInputStream was not restricted to a list of trusted classes, thus allowing an attacker to send a malicious deserialization gadget chain to achieve code execution. The socket was not bound exclusively to localhost. The port this socket is assigned to is randomly selected by the JVM and is not intentionally exposed to the public (either by design or documentation). 2020-08-25 not yet calculated CVE-2020-15777
CONFIRM
mcafee — application_control
 
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. 2020-08-26 not yet calculated CVE-2020-7309
CONFIRM
mediawiki — mediawiki
 
In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code. 2020-08-28 not yet calculated CVE-2020-15164
MISC
CONFIRM
mercedes-benz — c_class_amg_premium_plus_c22_bluetec_vehicles
 
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. 2020-08-27 not yet calculated CVE-2020-16142
MISC
metasploit_framework — metasploit_framework
 
The Metasploit Framework module “post/osx/gather/enum_osx” is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. 2020-08-24 not yet calculated CVE-2020-7376
CONFIRM
metasploit_framework — metasploit_framework
 
The Metasploit Framework module “auxiliary/admin/http/telpho10_credential_dump” is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. 2020-08-24 not yet calculated CVE-2020-7377
CONFIRM
michael-design — ichat_realtime_php_live_support_system
 
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. 2020-08-27 not yet calculated CVE-2020-23983
MISC
minetime — minetime
 
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. 2020-08-24 not yet calculated CVE-2020-24364
MISC
MISC
mitel — micollab
 
The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information. 2020-08-26 not yet calculated CVE-2020-13767
MISC
CONFIRM
mitel — micollab
 
An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. 2020-08-26 not yet calculated CVE-2020-11797
CONFIRM
CONFIRM
mitel — micollab
 
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. 2020-08-26 not yet calculated CVE-2020-13863
MISC
CONFIRM
mitel — mivoice_connect_client
 
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. 2020-08-26 not yet calculated CVE-2020-12456
MISC
CONFIRM
mitel — mivoice_phones
 
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. 2020-08-26 not yet calculated CVE-2020-13617
MISC
CONFIRM
moscajs — aedes_mqtt_broker
 
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. 2020-08-26 not yet calculated CVE-2020-13410
MISC
MISC
mpxj — mpxj
 
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. 2020-08-29 not yet calculated CVE-2020-25020
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access. 2020-08-26 not yet calculated CVE-2020-15483
MISC
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. 2020-08-26 not yet calculated CVE-2020-15484
MISC
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. 2020-08-26 not yet calculated CVE-2020-15485
MISC
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. 2020-08-26 not yet calculated CVE-2020-15482
MISC
MISC
netflix — spinnaker
 
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. 2020-08-28 not yet calculated CVE-2020-9298
MISC
netgear — netgear
 
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. 2020-08-28 not yet calculated CVE-2020-5621
JVN
MISC
MISC
MISC
netwide — assembler
 
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. 2020-08-25 not yet calculated CVE-2020-24241
MISC
netwide — assembler
 
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. 2020-08-25 not yet calculated CVE-2020-24242
MISC
network_time_protocol — mintegraladsdk
 
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. 2020-08-24 not yet calculated CVE-2020-7705
MISC
MISC
MISC
nitori — nitori
 
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2020-08-28 not yet calculated CVE-2020-5623
MISC
nodebb — nodebb
 
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation. 2020-08-26 not yet calculated CVE-2020-15156
MISC
CONFIRM
MISC
nova — openstack
 
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. 2020-08-26 not yet calculated CVE-2020-17376
MISC
MISC
CONFIRM
oasis — digital_signature_services
 
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation. 2020-08-24 not yet calculated CVE-2020-13101
CONFIRM
MISC
octopus — deploy
 
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. 2020-08-25 not yet calculated CVE-2020-16197
CONFIRM
CONFIRM
CONFIRM
online_bike_rental — online_bike_rental
 
An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows an authenticated admin to conduct remote code execution. 2020-08-27 not yet calculated CVE-2020-24196
MISC
openzfs — openzfs
 
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. 2020-08-27 not yet calculated CVE-2020-24716
MISC
MISC
MISC
MISC
openzfs — openzfs
 
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. 2020-08-27 not yet calculated CVE-2020-24717
MISC
MISC
MISC
MISC
opensis — community_edition
 
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. 2020-08-24 not yet calculated CVE-2020-6637
MISC
MISC
MISC
MISC
oracle — netsuite
 
Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N). 2020-08-27 not yet calculated CVE-2020-14729
MISC
oracle — netsuite
 
Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-08-27 not yet calculated CVE-2020-14728
MISC
parallels — desktop
 
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518. 2020-08-25 not yet calculated CVE-2020-17391
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030. 2020-08-25 not yet calculated CVE-2020-17390
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132. 2020-08-25 not yet calculated CVE-2020-17394
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11253. 2020-08-25 not yet calculated CVE-2020-17397
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063. 2020-08-25 not yet calculated CVE-2020-17402
MISC
MISC
php-fusion — php-fusion
 
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. 2020-08-26 not yet calculated CVE-2020-23658
MISC
premid — premid
 
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. 2020-08-29 not yet calculated CVE-2020-24928
MISC
projects_world — house_rental
 
The File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to execute code. 2020-08-27 not yet calculated CVE-2020-24202
MISC
MISC
projects_world — travel_managelemt_system
 
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allow remote unauthenticated attackers to gain remote code execution. 2020-08-27 not yet calculated CVE-2020-24203
MISC
MISC
qemu — qemu
 
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. 2020-08-27 not yet calculated CVE-2020-14415
CONFIRM
UBUNTU
raspap — raspap
 
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). 2020-08-24 not yet calculated CVE-2020-24572
MISC
MISC
MISC
MISC
redhat — redhat
 
An open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier; it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is to confidentiality. 2020-08-24 not yet calculated CVE-2020-10775
MISC
rust — rust
 
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. 2020-08-29 not yet calculated CVE-2020-25016
MISC
MISC
scalyr_agent — scalyr_agent
 
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. 2020-08-27 not yet calculated CVE-2020-24714
MISC
scalyr_agent — scalyr_agent
 
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. 2020-08-27 not yet calculated CVE-2020-24715
MISC
secomea — gatemanager
 
In all versions of Secomea GateManager prior to 9.2c, an attacker can send a negative value and overwrite arbitrary data. 2020-08-25 not yet calculated CVE-2020-14500
MISC
secomea — gatemanager
 
GateManager versions prior to 9.2c are vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. 2020-08-25 not yet calculated CVE-2020-14508
MISC
secomea — gatemanager
 
GateManager versions prior to 9.2c contain a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. 2020-08-25 not yet calculated CVE-2020-14510
MISC
seczetta — neprofile
 
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status. 2020-08-26 not yet calculated CVE-2020-12855
MISC
sonatype — nexus_repository
 
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. 2020-08-25 not yet calculated CVE-2020-24622
MISC
squid — squid
 
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. 2020-08-24 not yet calculated CVE-2020-24606
MISC
MISC
DEBIAN
thames — dis
 
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04. 2020-08-21 not yet calculated CVE-2020-15858
CONFIRM
trend_micro — deep_security_manager
 
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. 2020-08-27 not yet calculated CVE-2020-15601
MISC
MISC
trend_micro — vulnerability_protection
 
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. 2020-08-27 not yet calculated CVE-2020-15605
MISC
MISC
trend_micro — deep_security
 
A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. 2020-08-27 not yet calculated CVE-2020-8602
MISC
umanni — umanni
 
Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabl