US-CERT Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Original release date: November 23, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
golang — go Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. 2020-11-18 7.5 CVE-2020-28367
MISC
CONFIRM
MLIST
MLIST
FEDORA
golang — go Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. 2020-11-18 7.5 CVE-2020-28366
MISC
CONFIRM
MLIST
FEDORA
jetbrains — toolbox JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. 2020-11-16 10 CVE-2020-25207
MISC
CONFIRM
riken — xoonips Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. 2020-11-16 7.5 CVE-2020-5664
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
chronoengine — chronoforums Chronoforums 2.0.11 allows stored XSS when a crafted payload is inserted into a post. If any user sees the post, the inserted XSS code is executed. 2020-11-16 4.3 CVE-2020-27459
MISC
cmsuno_project — cmsuno An authenticated attacker can inject malicious code into the “lang” parameter in the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server. 2020-11-13 6.5 CVE-2020-25538
MISC
golang — go Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. 2020-11-18 5 CVE-2020-28362
CONFIRM
MLIST
FEDORA
intel — proset/wireless_wifi Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-11-13 5.8 CVE-2020-12313
MISC
ivanti — endpoint_manager LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. 2020-11-16 6.5 CVE-2020-13769
MISC
MISC
ivanti — endpoint_manager In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. 2020-11-16 5 CVE-2020-13772
MISC
MISC
jetbrains — toolbox JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. 2020-11-16 5 CVE-2020-25013
MISC
CONFIRM
jetbrains — youtrack In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. 2020-11-16 5 CVE-2020-25210
MISC
CONFIRM
jetbrains — youtrack JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. 2020-11-16 5 CVE-2020-27626
MISC
CONFIRM
jetbrains — youtrack In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. 2020-11-16 5 CVE-2020-27625
MISC
jetbrains — youtrack JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. 2020-11-16 5 CVE-2020-27624
MISC
CONFIRM
jetbrains — youtrack In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. 2020-11-16 5 CVE-2020-25209
MISC
CONFIRM
microfocus — arcsight_logger Cross-Site Scripting vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited, resulting in Cross-Site Scripting (XSS). 2020-11-17 4.3 CVE-2020-11860
CONFIRM
microfocus — arcsight_logger Cross-Site Scripting vulnerability in the Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited, resulting in Cross-Site Scripting (XSS). 2020-11-17 4.3 CVE-2020-25834
CONFIRM
netapp — hci Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. 2020-11-13 5 CVE-2020-8583
MISC
netapp — hci Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. 2020-11-13 4 CVE-2020-8582
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. 2020-11-13 6.8 CVE-2020-6147
FULLDISC
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. 2020-11-13 6.8 CVE-2020-6156
MISC
pixar — openusd A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-11-13 6.8 CVE-2020-6155
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. 2020-11-13 6.8 CVE-2020-6150
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. 2020-11-13 6.8 CVE-2020-6149
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. 2020-11-13 6.8 CVE-2020-6148
MISC
postgresql — postgresql A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-11-16 6.5 CVE-2020-25695
MISC
MISC
postgresql — postgresql A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-11-16 6.8 CVE-2020-25694
MISC
MISC
riken — xoonips SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2020-11-16 6.5 CVE-2020-5659
MISC
MISC
riken — xoonips Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. 2020-11-16 4 CVE-2020-5663
MISC
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 stores sensitive information in the browser’s history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. 2020-11-13 2.1 CVE-2020-4886
XF
CONFIRM
jetbrains — youtrack Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. 2020-11-16 2.1 CVE-2020-24366
MISC
CONFIRM
microfocus — filr Reflected Cross-Site Scripting vulnerability in the Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform a Reflected XSS attack. 2020-11-17 3.5 CVE-2020-25832
CONFIRM
microfocus — idol Persistent Cross-Site Scripting vulnerability in the Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform a Persistent XSS attack. 2020-11-17 3.5 CVE-2020-25833
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). 2020-11-16 3.5 CVE-2020-27988
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). 2020-11-16 3.5 CVE-2020-27989
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). 2020-11-16 3.5 CVE-2020-27990
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). 2020-11-16 3.5 CVE-2020-27991
CONFIRM
riken — xoonips Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. 2020-11-16 3.5 CVE-2020-5662
MISC
MISC
salesagility — suitecrm SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. 2020-11-18 3.5 CVE-2020-14208
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
airleader — master_and_easy_devices
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. 2020-11-16 not yet calculated CVE-2020-26509
MISC
airleader — master_devices
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. 2020-11-16 not yet calculated CVE-2020-26510
MISC
amazon — amazon_web_services_encryption_sdk A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to version 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique ciphertext which will decrypt to multiple different results; this becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later. 2020-11-16 not yet calculated CVE-2020-8897
CONFIRM
CONFIRM
anuko — time_tracker
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user’s mailbox. 2020-11-16 not yet calculated CVE-2020-27423
MISC
anuko — time_tracker
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn’t expire once used, allowing an attacker to use the same link to take over the account. 2020-11-16 not yet calculated CVE-2020-27422
MISC
MISC
apache — libapreq2
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can dereference a null pointer, leading to a process crash. A remote attacker could send a request causing a process crash, which could lead to a denial of service attack. 2020-11-19 not yet calculated CVE-2019-12412
MISC
MISC
apache — openoffice
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions, no internal protocol may be called from the document event handler, and other hyperlinks require a control-click. 2020-11-17 not yet calculated CVE-2020-13958
MISC
archive_tar — archive_tar Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. 2020-11-19 not yet calculated CVE-2020-28949
MISC
archive_tar — archive_tar
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. 2020-11-19 not yet calculated CVE-2020-28948
MISC
artworks_gallery — artworks_gallery
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. 2020-11-17 not yet calculated CVE-2020-28688
MISC
MISC
artworks_gallery — artworks_gallery
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. 2020-11-17 not yet calculated CVE-2020-28687
MISC
MISC
avaya — weblm
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. 2020-11-13 not yet calculated CVE-2020-7032
MISC
FULLDISC
CONFIRM
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. 2020-11-17 not yet calculated CVE-2020-26550
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. 2020-11-17 not yet calculated CVE-2020-26548
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. 2020-11-17 not yet calculated CVE-2020-26549
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. 2020-11-17 not yet calculated CVE-2020-26551
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. 2020-11-17 not yet calculated CVE-2020-26552
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. 2020-11-17 not yet calculated CVE-2020-26553
MISC
avid_cloud_solutions — cloudavid_pparam
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. 2020-11-16 not yet calculated CVE-2020-28723
MISC
MISC
avideo — avideo
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file. 2020-11-16 not yet calculated CVE-2020-23490
MISC
MISC
avideo — avideo
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. 2020-11-16 not yet calculated CVE-2020-23489
MISC
MISC
basetech — ge-131-1837836_firmware
A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information. 2020-11-17 not yet calculated CVE-2020-27553
MISC
basetech — ge-131-1837836_firmware
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. 2020-11-17 not yet calculated CVE-2020-27555
MISC
basetech — ge-131-1837836_firmware
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. 2020-11-17 not yet calculated CVE-2020-27558
MISC
basetech — ge-131-1837836_firmware
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. 2020-11-17 not yet calculated CVE-2020-27557
MISC
basetech — ge-131-1837836_firmware
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. 2020-11-17 not yet calculated CVE-2020-27554
MISC
basetech — ge-131-1837836_firmware
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. 2020-11-17 not yet calculated CVE-2020-27556
MISC
beckhoff_automation — twincat
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions that allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon login of a user. If a less privileged user has a local account, he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default, Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. 2020-11-19 not yet calculated CVE-2020-12510
CONFIRM
beijing_liangjing_zhicheng_technology — ltd_ljcmsshop
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. 2020-11-18 not yet calculated CVE-2020-22723
MISC
MISC
bernd_bestel — grocy
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. 2020-11-18 not yet calculated CVE-2020-25454
MISC
big-ip — big-ip_platforms
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). 2020-11-19 not yet calculated CVE-2020-5947
CONFIRM
bigbluebutton — bigbluebutton
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. 2020-11-19 not yet calculated CVE-2020-28953
MISC
MISC
bigbluebutton — bigbluebutton
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. 2020-11-19 not yet calculated CVE-2020-28954
MISC
MISC
MISC
MISC
binarynights — forklift
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift’s helper tool. 2020-11-17 not yet calculated CVE-2020-27192
MISC
binarynights — forklift
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. 2020-11-17 not yet calculated CVE-2020-15349
CONFIRM
MISC
canon — oce_colorwave_3500_devices
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. 2020-11-16 not yet calculated CVE-2020-26508
MISC
canonical — ubuntu_pulseaudio
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. 2020-11-19 not yet calculated CVE-2020-15710
UBUNTU
UBUNTU
cisco — asyncos
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. 2020-11-18 not yet calculated CVE-2020-3367
CISCO
cisco — dna_spaces_connector
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application, impacting the integrity or availability of the web-based management application. 2020-11-18 not yet calculated CVE-2020-3586
CISCO
cisco — expressway
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. 2020-11-18 not yet calculated CVE-2020-3482
CISCO
cisco — integrated_management_controller
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). 2020-11-18 not yet calculated CVE-2020-3470
CISCO
cisco — iot_field_network_director A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. 2020-11-18 not yet calculated CVE-2020-26080
CISCO
cisco — iot_field_network_director A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. 2020-11-18 not yet calculated CVE-2020-26078
CISCO
cisco — iot_field_network_director
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. 2020-11-18 not yet calculated CVE-2020-26081
CISCO
cisco — iot_field_network_director
A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. 2020-11-18 not yet calculated CVE-2020-26079
CISCO
cisco — iot_field_network_director
A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. 2020-11-18 not yet calculated CVE-2020-26077
CISCO
cisco — iot_field_network_director
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. 2020-11-18 not yet calculated CVE-2020-26076
CISCO
cisco — iot_field_network_director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. 2020-11-18 not yet calculated CVE-2020-26075
CISCO
cisco — iot_field_network_director
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. 2020-11-18 not yet calculated CVE-2020-26072
CISCO
cisco — iot_field_network_director
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. 2020-11-18 not yet calculated CVE-2020-3392
CISCO
cisco — iot_field_network_director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. 2020-11-18 not yet calculated CVE-2020-3531
CISCO
cisco — security_manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. 2020-11-17 not yet calculated CVE-2020-27125
CISCO
cisco — security_manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. 2020-11-17 not yet calculated CVE-2020-27130
CISCO
cisco — security_manager
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities. 2020-11-17 not yet calculated CVE-2020-27131
CISCO
cisco — telepresence_ce_software_and_roomos_software
 
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users. 2020-11-18 not yet calculated CVE-2020-26068
CISCO
cisco — webex_meetings
 
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. 2020-11-18 not yet calculated CVE-2020-27126
CISCO
cisco — webex_meetings_and_webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. 2020-11-18 not yet calculated CVE-2020-3471
CISCO
cisco — webex_meetings_and_webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. 2020-11-18 not yet calculated CVE-2020-3441
CISCO
cisco — webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. 2020-11-18 not yet calculated CVE-2020-3419
CISCO
citrix — sd-wan_center Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. 2020-11-16 not yet calculated CVE-2020-8273
MISC
citrix — sd-wan_center
 
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 2020-11-16 not yet calculated CVE-2020-8272
MISC
citrix — sd-wan_center
 
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 2020-11-16 not yet calculated CVE-2020-8271
MISC
citrix — virtual_apps_and_desktop
 
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 2020-11-16 not yet calculated CVE-2020-8269
MISC
citrix — virtual_apps_and_desktop
 
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342 2020-11-16 not yet calculated CVE-2020-8270
MISC
controlled-merge — controlled-merge
 
Prototype pollution vulnerability in ‘controlled-merge’ versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution. 2020-11-15 not yet calculated CVE-2020-28268
MISC
MISC
cxuucms — cxuucms
 
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. 2020-11-18 not yet calculated CVE-2020-28091
MISC
CONFIRM
doc-path — doc-path
 
This affects the package doc-path before 2.1.2. 2020-11-15 not yet calculated CVE-2020-7772
CONFIRM
CONFIRM
CONFIRM
drupal — drupal
 
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. 2020-11-20 not yet calculated CVE-2020-13671
CONFIRM
endress+hauser — ecograph_t
 
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic “tokens”. The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on. 2020-11-19 not yet calculated CVE-2020-12495
CONFIRM
endress+hauser — ecograph_t_and_memograph_m
 
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it’s possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user. 2020-11-19 not yet calculated CVE-2020-12496
CONFIRM
fastadmin — fastadmin
 
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. 2020-11-17 not yet calculated CVE-2020-21665
MISC
firebase — util
 
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. 2020-11-16 not yet calculated CVE-2020-7765
CONFIRM
CONFIRM
CONFIRM
garmin — forerunner_235 Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This is a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. 2020-11-16 not yet calculated CVE-2020-27484
MISC
garmin — forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution. 2020-11-16 not yet calculated CVE-2020-27483
MISC
garmin — forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. 2020-11-16 not yet calculated CVE-2020-27486
MISC
garmin — forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. 2020-11-16 not yet calculated CVE-2020-27485
MISC
genexis — platinum_4410_router
 
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action ‘X_GetAccess’ which leaks the credentials of ‘admin’, provided that the attacker is network adjacent. 2020-11-17 not yet calculated CVE-2020-25988
MISC
MISC
MISC
MISC
gila — gila_cms
 
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files. 2020-11-16 not yet calculated CVE-2020-28692
MISC
gitlab — ce/ee
 
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-26405
CONFIRM
MISC
MISC
gitlab — ce/ee An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-19 not yet calculated CVE-2020-13355
CONFIRM
MISC
MISC
gitlab — ce/ee
 
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who’s able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. 2020-11-17 not yet calculated CVE-2020-13350
CONFIRM
MISC
MISC
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-19 not yet calculated CVE-2020-13356
CONFIRM
MISC
MISC
gitlab — ce/ee
 
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13358
CONFIRM
MISC
gitlab — ce/ee
 
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-19 not yet calculated CVE-2020-13359
CONFIRM
MISC
gitlab — ce/ee
 
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. 2020-11-17 not yet calculated CVE-2020-13354
CONFIRM
MISC
MISC
gitlab — ce/ee
 
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13351
CONFIRM
MISC
MISC
gitlab — ce/ee
 
Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13352
CONFIRM
MISC
MISC
gitlab — ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13349
CONFIRM
MISC
gitlab — ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13348
CONFIRM
MISC
gitlab — ee
 
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-26406
CONFIRM
MISC
MISC
gitlab — gitaly
 
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13353
CONFIRM
MISC
hcl — domino
 
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. 2020-11-21 not yet calculated CVE-2020-14234
CONFIRM
hcl — domino
 
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. 2020-11-21 not yet calculated CVE-2020-14230
CONFIRM
hcl — notes
 
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. 2020-11-21 not yet calculated CVE-2020-14258
CONFIRM
horizontcms — horizontcms An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> 2020-11-16 not yet calculated CVE-2020-28693
MISC
MISC
ibm — business_automation_workflow
 
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. 2020-11-16 not yet calculated CVE-2020-4672
XF
CONFIRM
ibm — db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. 2020-11-19 not yet calculated CVE-2020-4701
XF
CONFIRM
ibm — db2_accessories_suite
 
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. 2020-11-20 not yet calculated CVE-2020-4739
XF
CONFIRM
ibm — jazz_reporting_service
 
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. 2020-11-19 not yet calculated CVE-2020-4718
XF
CONFIRM
ibm — mq_appliance
 
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. 2020-11-18 not yet calculated CVE-2020-4592
XF
CONFIRM
ibm — power9
 
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. 2020-11-20 not yet calculated CVE-2020-4788
MLIST
MLIST
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. 2020-11-16 not yet calculated CVE-2020-4692
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. 2020-11-16 not yet calculated CVE-2020-4700
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. 2020-11-16 not yet calculated CVE-2020-4566
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. 2020-11-16 not yet calculated CVE-2020-4655
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. 2020-11-16 not yet calculated CVE-2020-4705
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 186284. 2020-11-16 not yet calculated CVE-2020-4671
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2020-11-16 not yet calculated CVE-2020-4475
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. 2020-11-20 not yet calculated CVE-2020-4937
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. 2020-11-16 not yet calculated CVE-2020-4763
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. 2020-11-16 not yet calculated CVE-2020-4647
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. 2020-11-16 not yet calculated CVE-2020-4476
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. 2020-11-16 not yet calculated CVE-2020-4665
XF
CONFIRM
imagemagick — imagemagick
 
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. 2020-11-20 not yet calculated CVE-2020-19667
MISC
infinitewp — admin_panel
 
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. 2020-11-16 not yet calculated CVE-2020-28642
MISC
influxdata — influxdb
 
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). 2020-11-19 not yet calculated CVE-2019-20933
MISC
MISC
MISC
ivanti — endpoint_manager
 
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. 2020-11-16 not yet calculated CVE-2020-13773
MISC
MISC
jamodat — tsmmanager_collector
 
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector’s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances’ consoles, accessing hardware configurations, etc. Exploiting this vulnerability won’t grant an attacker access to or control over remote ISP servers, as no credentials are sent with the request. 2020-11-19 not yet calculated CVE-2020-28054
MISC
MISC
MISC
jetbrains — ideavim JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. 2020-11-16 not yet calculated CVE-2020-27623
MISC
CONFIRM
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. 2020-11-16 not yet calculated CVE-2020-27622
MISC
CONFIRM
jetbrains — ktor
 
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. 2020-11-16 not yet calculated CVE-2020-26129
MISC
CONFIRM
jetbrains — teamcity
 
In JetBrains TeamCity before 2020.1.5, secure dependency parameters might not be masked in depending builds when there are no internal artifacts. 2020-11-16 not yet calculated CVE-2020-27629
MISC
CONFIRM
jetbrains — teamcity
 
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. 2020-11-16 not yet calculated CVE-2020-27627
MISC
CONFIRM
jetbrains — teamcity
 
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. 2020-11-16 not yet calculated CVE-2020-27628
MISC
CONFIRM
jupyter — notebook
 
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. 2020-11-18 not yet calculated CVE-2020-26215
MISC
CONFIRM
kaa — iot_platform
 
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. 2020-11-17 not yet calculated CVE-2020-26701
MISC
kamailio — kamailio
 
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow a skilled attacker with a valid credential in the system to disrupt internal call start/duration accounting mechanisms, potentially leading to a loss of revenue. 2020-11-18 not yet calculated CVE-2020-28361
MISC
MISC
kata — containers
 
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. 2020-11-17 not yet calculated CVE-2020-28914
MISC
MISC
MISC
MISC
MISC
kyocera — ecosys_m2640idw_printers
 
The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a stored XSS vulnerability, discovered in the addition of a new contact in “Machine Address Book”. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. 2020-11-17 not yet calculated CVE-2020-25890
MISC
lemoncms — lemoncms
 
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files. 2020-11-18 not yet calculated CVE-2020-25406
MISC
libsixel — libsixel
 
Unverified indexes into the array lead to out-of-bounds access in the gif_out_code function in fromgif.c in libsixel 1.8.6. 2020-11-20 not yet calculated CVE-2020-19668
MISC
libsvm — scikit-learn
 
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. 2020-11-21 not yet calculated CVE-2020-28975
MISC
MISC
libuci — openwrt
 
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. 2020-11-19 not yet calculated CVE-2020-28951
MISC
MISC
MISC
libvips — libvips
 
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. 2020-11-20 not yet calculated CVE-2020-20739
MISC
MISC
limesurvey — limesurvey
 
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. 2020-11-17 not yet calculated CVE-2020-25798
MISC
MISC
linux — linux_kernel
 
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. 2020-11-20 not yet calculated CVE-2020-28974
MISC
MISC
MISC
linux — linux_kernel
 
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. 2020-11-18 not yet calculated CVE-2020-28915
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the way reply ICMP packets are limited in the Linux kernel that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. 2020-11-17 not yet calculated CVE-2020-25705
MISC
linux — linux_kernel
 
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. 2020-11-19 not yet calculated CVE-2020-28941
MLIST
MISC
MISC
MISC
MISC
lionwiki — lionwiki
 
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via a crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-11-16 not yet calculated CVE-2020-27191
MISC
MISC
markdown-it-highlightjs — markdown-it-highlightjs
 
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.">js}'); console.log(reuslt_xss); 2020-11-16 not yet calculated CVE-2020-7773
CONFIRM
CONFIRM
CONFIRM
melsec — iq-r_series_cpu_modules
 
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ’05’ to ’19’ and R04/08/16/32/120(EN)CPU Firmware versions from ’35’ to ’51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. 2020-11-16 not yet calculated CVE-2020-5666
MISC
MISC
MISC
MISC
melsec — iq-r_series_cpu_modules
 
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version ’19’ and earlier, R04/08/16/32/120 (EN) CPU firmware version ’51’ and earlier, R08/16/32/120SFCPU firmware version ’22’ and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version ’47’ and earlier, RJ71GF11-T2 firmware version ’47’ and earlier, RJ72GF15-T2 firmware version ’07’ and earlier, RJ71GP21-SX firmware version ’47’ and earlier, RJ71GP21S-SX firmware version ’47’ and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet. 2020-11-20 not yet calculated CVE-2020-5668
MISC
MISC
MISC
MISC
mercedes-benz — hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. 2020-11-16 not yet calculated CVE-2019-19562
MISC
MISC
mercedes-benz — hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. 2020-11-16 not yet calculated CVE-2019-19563
MISC
MISC
mercedes-benz — hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information. 2020-11-16 not yet calculated CVE-2019-19556
MISC
MISC
mercedes-benz — hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. 2020-11-16 not yet calculated CVE-2019-19561
MISC
MISC
mercedes-benz — hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. 2020-11-16 not yet calculated CVE-2019-19560
MISC
MISC
mercedes-benz — hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. 2020-11-16 not yet calculated CVE-2019-19557
MISC
MISC
micro_focus — arcsight_logger
 
Arbitrary code execution vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code. 2020-11-17 not yet calculated CVE-2020-11851
CONFIRM
misp — misp
 
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. 2020-11-19 not yet calculated CVE-2020-28947
MISC
moodle — moodle

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25699
MISC
MISC
moodle — moodle
 
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25700
MISC
MISC
moodle — moodle
 
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25701
MISC
MISC
moodle — moodle
 
The participants table download in Moodle always included user emails, but should have only done so when users’ emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. 2020-11-19 not yet calculated CVE-2020-25703
MISC
MISC
moodle — moodle
 
Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25698
MISC
MISC
moodle — moodle
 
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10. 2020-11-19 not yet calculated CVE-2020-25702
MISC
MISC
nagios — nagios_xi
 
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. 2020-11-16 not yet calculated CVE-2020-28648
MISC
netiq — identity_manager
 
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. 2020-11-20 not yet calculated CVE-2020-25839
CONFIRM
netis — korea_d’live_ap
 
Improper Input validation vulnerability exists in Netis Korea D’live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D’live set-top box AP(WF2429TB) v1.1.10. 2020-11-20 not yet calculated CVE-2020-7842
CONFIRM
netskope — netskope
 
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin’s portal, leading to compromise of the admin’s system. 2020-11-20 not yet calculated CVE-2020-28845
MISC
nextcloud — server
 
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. 2020-11-16 not yet calculated CVE-2020-8152
MISC
MISC
nextcloud — social
 
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. 2020-11-19 not yet calculated CVE-2020-8279
MISC
CONFIRM
nextcloud — social
 
Improper access control in Nextcloud Social app version 0.3.1 allowed reading posts of any user. 2020-11-19 not yet calculated CVE-2020-8278
MISC
CONFIRM
nextcloud — server
 
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. 2020-11-16 not yet calculated CVE-2020-8259
MISC
MISC
node — node.js
 
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. 2020-11-19 not yet calculated CVE-2020-8277
MISC
CONFIRM
oppo_security — com.coloros.codebook
 
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. 2020-11-19 not yet calculated CVE-2020-11829
CONFIRM
oppo_security — com.coloros.codebook
 
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. 2020-11-19 not yet calculated CVE-2020-11831
CONFIRM
oppo_security — com.coloros.codebook
 
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. 2020-11-19 not yet calculated CVE-2020-11830
CONFIRM
paradox — ip150
 
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). 2020-11-21 not yet calculated CVE-2020-25189
MISC
paradox — ip150
 
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). 2020-11-21 not yet calculated CVE-2020-25185
MISC
pdfresurrect — pdfresurrect
 
In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdf_get_version(). 2020-11-20 not yet calculated CVE-2020-20740
MISC
MISC
pescms — pescms_team
 
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id= 2020-11-17 not yet calculated CVE-2020-28092
MISC
MISC
phpgurukul — user_registration_and_login_nd_user_management_system
 
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. 2020-11-18 not yet calculated CVE-2020-24723
MISC
MISC
phpgurukul — user_registration_and_login_user_management_system
 
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. 2020-11-16 not yet calculated CVE-2020-25952
MISC
MISC
MISC
planet_technology — corp_nvr-915_and_nvr-1615_products
 
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-11-18 not yet calculated CVE-2020-26097
MISC
prestashop — prestashop
 
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. 2020-11-16 not yet calculated CVE-2020-26224
MISC
CONFIRM
prestashop — product_comments
 
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0. 2020-11-16 not yet calculated CVE-2020-26225
MISC
CONFIRM
primekey — ejbca
 
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA’s domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. 2020-11-19 not yet calculated CVE-2020-28942
MISC
pritunl — electron_client
 
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges. 2020-11-19 not yet calculated CVE-2020-25989
CONFIRM
MISC
progress — moveit_transfer
 
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim’s browser (XSS). 2020-11-17 not yet calculated CVE-2020-28647
CONFIRM
MISC
qnap — qts
 
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. 2020-11-16 not yet calculated CVE-2020-2490
CONFIRM
qnap — qts
 
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. 2020-11-16 not yet calculated CVE-2020-2492
CONFIRM
rclone — rclone
 
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed. 2020-11-19 not yet calculated CVE-2020-28924
MISC
MISC
red_hat — jboss_keycloak
 
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. 2020-11-17 not yet calculated CVE-2020-10776
MISC
red_hat — jboss_keycloak
 
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. 2020-11-17 not yet calculated CVE-2020-14389
MISC
red_hat — xpdf
 
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn’t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. 2020-11-21 not yet calculated CVE-2020-25725
CONFIRM
MISC
reddoxx — maildepot_2033
 
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. 2020-11-18 not yet calculated CVE-2020-26554
MISC
MISC
resourcexpress — qubi3_devices
 
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility. 2020-11-17 not yet calculated CVE-2020-25746
CONFIRM
MISC
rsa — archer
 
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application. 2020-11-18 not yet calculated CVE-2020-26884
CONFIRM
schneider_electric — easergy_t300
 
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. 2020-11-19 not yet calculated CVE-2020-7561
MISC
schneider_electric — ecostruxure_building_operation_enterprise_server
 
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 – V3.1 and Enterprise Central installer V2.0 – V3.1 that could allow any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges, so the vulnerability is only valid if the application has been installed in a non-secure location. 2020-11-19 not yet calculated CVE-2020-28209
MISC
schneider_electric — ecostruxure_building_operation_webreports

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser. 2020-11-19 not yet calculated CVE-2020-7572
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. 2020-11-19 not yet calculated CVE-2020-7570
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. 2020-11-19 not yet calculated CVE-2020-7569
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. 2020-11-19 not yet calculated CVE-2020-7571
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. 2020-11-19 not yet calculated CVE-2020-7573
MISC
schneider_electric — ecostruxure_building_operation_webstation
 
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 – V3.1 that could cause an attacker to inject HTML and JavaScript code into the user’s browser. 2020-11-19 not yet calculated CVE-2020-28210
MISC
schneider_electric — ecostruxure_control_expert

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. 2020-11-19 not yet calculated CVE-2020-28213
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. 2020-11-19 not yet calculated CVE-2020-28212
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. 2020-11-19 not yet calculated CVE-2020-28211
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus. 2020-11-19 not yet calculated CVE-2020-7559
MISC
schneider_electric — ecostruxure_operator_terminal_expert
 
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert. 2020-11-19 not yet calculated CVE-2020-7544
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7556
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7558
MISC
schneider_electric — igss_definition
 
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7557
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7555
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7550
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7551
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7552
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7554
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7553
MISC
schneider_electric — modicon_m221

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller and broken the encryption keys. 2020-11-19 not yet calculated CVE-2020-7567
MISC
schneider_electric — modicon_m221
 
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. 2020-11-19 not yet calculated CVE-2020-7566
MISC
schneider_electric — modicon_m221
 
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. 2020-11-19 not yet calculated CVE-2020-7565
MISC
schneider_electric — modicon_m221
 
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. 2020-11-19 not yet calculated CVE-2020-7568
MISC
schneider_electric — multiple_products

A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. 2020-11-18 not yet calculated CVE-2020-7564
MISC
schneider_electric — multiple_products
 
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. 2020-11-18 not yet calculated CVE-2020-7562
MISC
schneider_electric — multiple_products
 
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. 2020-11-18 not yet calculated CVE-2020-7563
MISC
schneider_electric — plc_simulator_on_ecostruxure_control_expert
 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus. 2020-11-19 not yet calculated CVE-2020-7538
MISC
scratchverifier — scratchverifier
 
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else’s account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login. 2020-11-20 not yet calculated CVE-2020-26236
MISC
CONFIRM
semantic-release — semantic-release
 
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3. 2020-11-18 not yet calculated CVE-2020-26226
MISC
CONFIRM
sensormatics_electronics — american_dynamics_victor_web_client_and_software_house_c.cure_web_client
 
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. 2020-11-19 not yet calculated CVE-2020-9049
CERT
CONFIRM
sokrates — sowa
 
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. 2020-11-19 not yet calculated CVE-2020-28350
MISC
sourcecodester — gym_management_system
 
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields ‘Package Name’ and ‘Description’. 2020-11-17 not yet calculated CVE-2020-28129
MISC
MISC
sourcecodester — online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. 2020-11-17 not yet calculated CVE-2020-28138
MISC
MISC
sourcecodester — online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. 2020-11-17 not yet calculated CVE-2020-28140
MISC
MISC
sourcecodester — online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. 2020-11-17 not yet calculated CVE-2020-28139
MISC
MISC
sourcecodester — online_library_management_system
 
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). 2020-11-17 not yet calculated CVE-2020-28130
MISC
MISC
sourcecodester — simple_grocery_store_sales_and_inventory_system
 
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. 2020-11-17 not yet calculated CVE-2020-28133
MISC
MISC
sourcecodester — tourism_management_system
 
An Arbitrary File Upload discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page. 2020-11-17 not yet calculated CVE-2020-28136
MISC
MISC
sourcecodester — water_billing_system
 
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. 2020-11-17 not yet calculated CVE-2020-28183
MISC
MISC
MISC
suitecrm — suitecrm SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. 2020-11-18 not yet calculated CVE-2020-15300
MISC
suitecrm — suitecrm
 
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. 2020-11-18 not yet calculated CVE-2020-15301
MISC
symantec — endpoint_detection_and_response
 
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. 2020-11-18 not yet calculated CVE-2020-12593
CONFIRM
taskcafe — project_management_tool
 
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as access tokens. 2020-11-17 not yet calculated CVE-2020-25400
MISC
tenable — tp-link_archer
 
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. 2020-11-21 not yet calculated CVE-2020-5797
MISC
tobesoft — xplatform
 
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto:// 2020-11-17 not yet calculated CVE-2020-7841
MISC
tp-link — multiple_devices
 
Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. 2020-11-20 not yet calculated CVE-2020-28877
MISC
tp-link — tl-wpa4220_devices
 
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 2020-11-18 not yet calculated CVE-2020-24297
MISC
MISC
tp-link — tl-wpa4220_devices
 
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 2020-11-18 not yet calculated CVE-2020-28005
MISC
MISC
trend_micro — apex_one
 
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. 2020-11-18 not yet calculated CVE-2020-28572
MISC
trend_micro — interscan_web_security_virtual_appliance A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28581
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28578
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28579
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28580
MISC
MISC
trend_micro — security_2020 Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. 2020-11-18 not yet calculated CVE-2020-27697
MISC
trend_micro — security_2020
 
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. 2020-11-18 not yet calculated CVE-2020-27695
MISC
trend_micro — security_2020
 
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. 2020-11-18 not yet calculated CVE-2020-27696
MISC
trend_micro — worry-free_business_security
 
An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product’s management console. 2020-11-18 not yet calculated CVE-2020-28574
MISC
MISC
trusted_computing_group — trusted_platform_module_library_family
 
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack. 2020-11-18 not yet calculated CVE-2020-26933
MISC
CONFIRM
typo3 — typo3
 
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved. 2020-11-18 not yet calculated CVE-2020-28917
MISC
typo3 — fluid
 
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory. 2020-11-17 not yet calculated CVE-2020-26216
MISC
CONFIRM
MISC
valve — game_networking_sockets
 
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution. 2020-11-18 not yet calculated CVE-2020-6016
MISC
vmware — esxi
 
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) 2020-11-20 not yet calculated CVE-2020-4005
CONFIRM
vmware — multiple_products
 
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. 2020-11-20 not yet calculated CVE-2020-4004
CONFIRM
volkswagen — discover_media_infotainment_system
 
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. 2020-11-16 not yet calculated CVE-2020-28656
MISC
werkzeug — werkzeug
 
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. 2020-11-18 not yet calculated CVE-2020-28724
MISC
MISC
MISC
western_digital — inand_devices
 
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack. 2020-11-18 not yet calculated CVE-2020-13799
MISC
CONFIRM
wordpress — wordpress
 
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. 2020-11-16 not yet calculated CVE-2020-28650
MISC
wordpress — wordpress
 
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. 2020-11-16 not yet calculated CVE-2020-28649
MISC
MISC
xstream — xstream
 
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. 2020-11-16 not yet calculated CVE-2020-26217
CONFIRM
CONFIRM
CONFIRM
y18n — y18n
 
This affects the package y18n before 5.0.5. PoC by po6ix: `const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true` 2020-11-17 not yet calculated CVE-2020-7774
MISC
MISC
MISC
MISC
yzmcms — yzmcms
 
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. 2020-11-19 not yet calculated CVE-2020-22394
MISC
zte — multiple_devices
 
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper with parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. 2020-11-19 not yet calculated CVE-2020-6879
MISC

Original release date: November 16, 2020

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bbraun — onlinesuite_application_package A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. 2020-11-06 7.5 CVE-2020-25172
MISC
google — android In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1; Android ID: A-162497143 2020-11-10 9.3 CVE-2020-0449
MISC
google — android In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1; Android ID: A-158762825 2020-11-10 9.3 CVE-2020-0451
MISC
google — android In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-158304295 2020-11-10 7.8 CVE-2020-0441
MISC
google — android In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9; Android ID: A-147358092 2020-11-10 7.8 CVE-2020-0442
MISC
google — android There is a possible out of bounds write due to a missing bounds check. Product: Android; Versions: Android SoC; Android ID: A-168264527 2020-11-10 7.5 CVE-2020-0445
MISC
google — android There is a possible out of bounds write due to a missing bounds check. Product: Android; Versions: Android SoC; Android ID: A-168264528 2020-11-10 7.5 CVE-2020-0446
MISC
google — android There is a possible out of bounds write due to a missing bounds check. Product: Android; Versions: Android SoC; Android ID: A-168251617 2020-11-10 7.5 CVE-2020-0447
MISC
google — android In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-159625731 2020-11-10 7.5 CVE-2020-0452
FEDORA
MISC
google — android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). 2020-11-08 7.5 CVE-2020-28340
MISC
ibm — filenet_content_manager IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736. 2020-11-09 9.3 CVE-2020-4759
XF
CONFIRM
linuxfoundation — nats-server The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. 2020-11-06 7.5 CVE-2020-26892
MISC
CONFIRM
magento — magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components. 2020-11-09 9 CVE-2020-24407
MISC
sap — netweaver_application_server_java SAP NetWeaver AS JAVA, versions – 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file, leading to Privilege Escalation and completely compromising the confidentiality, integrity and availability of the server operating system and any application running on it. 2020-11-10 9 CVE-2020-26820
MISC
MISC

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bbraun — onlinesuite_application_package A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. 2020-11-06 6.9 CVE-2020-25174
MISC
bbraun — onlinesuite_application_package An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. 2020-11-06 6.8 CVE-2020-25170
MISC
canonical — ubuntu_linux Ubuntu’s packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. 2020-11-06 4.6 CVE-2020-15708
MISC
cisco — anyconnect_secure_mobility_client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. 2020-11-06 4.9 CVE-2020-27123
CISCO
google — android An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020). 2020-11-08 4.6 CVE-2020-28341
MISC
google — android An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application via the Reminder application. The Samsung ID is SVE-2020-18689 (November 2020). 2020-11-08 6.8 CVE-2020-28342
MISC
google — android An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020). 2020-11-08 4.6 CVE-2020-28343
MISC
google — android In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-157650336 2020-11-10 4.3 CVE-2020-0450
MISC
google — android In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-140256621 2020-11-10 4.6 CVE-2020-0439
MISC
google — android In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-10; Android ID: A-161812320 2020-11-10 4.6 CVE-2020-0438
MISC
hp — oneview There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. 2020-11-06 6.5 CVE-2020-7198
MISC
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. 2020-11-06 4 CVE-2020-4484
XF
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857. 2020-11-06 4 CVE-2020-4483
XF
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856. 2020-11-06 4 CVE-2020-4482
XF
CONFIRM
joplin_project — joplin Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. 2020-11-06 4.3 CVE-2020-28249
MISC
MISC
lightbend — play_framework An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. 2020-11-06 5 CVE-2020-27196
MISC
MISC
lightbend — play_framework In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. 2020-11-06 5 CVE-2020-26882
MISC
MISC
lightbend — play_framework In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. 2020-11-06 5 CVE-2020-26883
MISC
MISC
linuxfoundation — nats-server The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). 2020-11-06 5 CVE-2020-26521
CONFIRM
MISC
magento — magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user’s account. 2020-11-09 5.5 CVE-2020-24401
MISC
magento — magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization. 2020-11-09 5.5 CVE-2020-24404
MISC
magento — magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. 2020-11-09 5.5 CVE-2020-24402
MISC
magento — magento When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment. 2020-11-09 4.3 CVE-2020-24406
MISC
magento — magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API. 2020-11-09 4 CVE-2020-24403
MISC
magento — magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization. 2020-11-09 4 CVE-2020-24405
MISC
magento — magento Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database. 2020-11-09 5.5 CVE-2020-24400
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. 2020-11-11 6.8 CVE-2020-17044
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17033
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17034
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17032
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. 2020-11-11 6.8 CVE-2020-17055
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17031
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17026
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17025
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17027
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. 2020-11-11 4.6 CVE-2020-17028
MISC
microsoft — windows_10 Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. 2020-11-11 6.8 CVE-2020-17043
MISC
netapp — e-series_santricity_os_controller SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. 2020-11-06 4.3 CVE-2020-8577
MISC
netapp — e-series_santricity_os_controller SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). 2020-11-06 5 CVE-2020-8580
MISC
pega — pega_platform Pega Platform before 8.4.0 has an XSS issue via stream rule parameters used in the request header. 2020-11-09 4.3 CVE-2020-24353
MISC
MISC
qemu — qemu ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. 2020-11-06 4 CVE-2020-27616
CONFIRM
MISC
qemu — qemu eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. 2020-11-06 4 CVE-2020-27617
CONFIRM
MISC
sap — solution_manager SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service. 2020-11-10 6.4 CVE-2020-26824
MISC
MISC
sap — solution_manager SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service. 2020-11-10 6.4 CVE-2020-26823
MISC
MISC
sap — solution_manager SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. 2020-11-10 6.4 CVE-2020-26822
MISC
MISC
sap — solution_manager SAP Solution Manager (JAVA stack), version – 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service. 2020-11-10 6.4 CVE-2020-26821
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google — android In CellBroadcastReceiver’s intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11. Android ID: A-162741784. 2020-11-10 2.1 CVE-2020-0437
MISC
google — android In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-152410253. 2020-11-10 2.1 CVE-2020-0443
MISC
google — android In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11. Android ID: A-153995334. 2020-11-10 2.1 CVE-2020-0448
MISC
google — android In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-8.0 Android-8.1. Android ID: A-159060474. 2020-11-10 2.1 CVE-2020-0453
MISC
google — android In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-161370134. 2020-11-10 2.1 CVE-2020-0454
MISC
ibm — maximo_spatial_asset_management IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024. 2020-11-09 2.9 CVE-2020-4651
XF
CONFIRM
ibm — maximo_spatial_asset_management IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. 2020-11-09 2.1 CVE-2020-4650
XF
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
a10_networks — acos_and_agalazy_management_graphical_user_interfaces
 
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected. 2020-11-10 not yet calculated CVE-2020-24384
CONFIRM
adobe — acrobat_reader
 
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application. 2020-11-12 not yet calculated CVE-2020-24441
MISC
adobe — connect Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2020-11-12 not yet calculated CVE-2020-24443
MISC
adobe — connect
 
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2020-11-12 not yet calculated CVE-2020-24442
MISC
amd — running_average_power_limit
 
A potential vulnerability in the AMD extension to Linux “hwmon” service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. 2020-11-12 not yet calculated CVE-2020-12912
MISC
amd — trusted_platform_modules
 
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. 2020-11-12 not yet calculated CVE-2020-12926
MISC
amd — vbios_flash_tool
 
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. 2020-11-12 not yet calculated CVE-2020-12927
MISC
apache — airflows_experimental_api
 
The previous default setting for Airflow’s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default 2020-11-10 not yet calculated CVE-2020-13927
MISC
apache — batik
 
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the “xlink:href” attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 2020-11-12 not yet calculated CVE-2019-17566
MISC
apache — cxf
 
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. 2020-11-12 not yet calculated CVE-2020-13954
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
arm_developer — armv8-m_processors
 
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension. 2020-11-12 not yet calculated CVE-2020-16273
CONFIRM
asterisk — open_source
 
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. 2020-11-06 not yet calculated CVE-2020-28327
MISC
MISC
atlassian — gajira-create_github_action

 

The execute function in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. 2020-11-09 not yet calculated CVE-2020-14189
MISC
atlassian — gajira-create_github_action
 
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. 2020-11-09 not yet calculated CVE-2020-14188
MISC
atlassian — resourcexpress_meeting_monitor
 
SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. 2020-11-12 not yet calculated CVE-2020-13877
CONFIRM
MISC
audi — a7_mmi_2014_vehicles
 
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. 2020-11-11 not yet calculated CVE-2020-27524
MISC
MISC
MISC
avaya — unified_portal_client
 
A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10. 2020-11-13 not yet calculated CVE-2020-7033
CONFIRM
avaya — weblm
 
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. 2020-11-13 not yet calculated CVE-2020-7032
CONFIRM
azure — devops
 
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability 2020-11-11 not yet calculated CVE-2020-1325
MISC
bab_technologie — eibport_v3
 
BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. 2020-11-12 not yet calculated CVE-2020-24573
MISC
becton_dickinson_and_company — bd_alaris_8015_pc_unit_and_bd_alaris_systems_manager
 
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit. 2020-11-13 not yet calculated CVE-2020-25165
MISC
bitdefender — update_server
 
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. 2020-11-09 not yet calculated CVE-2020-15297
MISC
brave — brave
 
The implementation of Brave Desktop’s privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave’s server, but rather a value from: Used in last 24h; Used in last week but not 24h; Used in last 28 days but not week; Ever used but not in last 28 days; Never used. The privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window. 2020-11-09 not yet calculated CVE-2020-8276
MISC
cacti — cacti
 
A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of the error message during template import preview in the xml_path field. 2020-11-12 not yet calculated CVE-2020-25706
CONFIRM
MISC
MISC
canonical — ubuntu
 
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. 2020-11-11 not yet calculated CVE-2020-16127
CONFIRM
canonical — ubuntu
 
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. 2020-11-11 not yet calculated CVE-2020-16126
CONFIRM
capasystems — capainstaller
 
CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. 2020-11-09 not yet calculated CVE-2020-27977
CONFIRM
cellinx — nvt_web_server
 
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. 2020-11-06 not yet calculated CVE-2020-28250
MISC
cisco — asr_9000_series_aggregation_services_routers
 
A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality. 2020-11-12 not yet calculated CVE-2020-26070
CISCO

cisco — webex_network_recording_player_and_webex_player

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3573
CISCO
MISC

cisco — webex_network_recording_player_and_webex_player

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3604
CISCO
MISC

cisco — webex_network_recording_player_and_webex_player

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3603
CISCO
MISC
ckeditor — ckeditor
 
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. 2020-11-12 not yet calculated CVE-2020-27193
CONFIRM
CONFIRM
MISC
cmsuno — cmsuno
 
An authenticated attacker can inject malicious code into the “lang” parameter in the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server. 2020-11-13 not yet calculated CVE-2020-25538
MISC
cmsuno — cmsuno
 
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a “username” while changing his/her username & password. After that, when the attacker logs in to the application, the attacker’s code will be run. As a result of this vulnerability, an authenticated user can run commands on the server. 2020-11-13 not yet calculated CVE-2020-25557
MISC
compass_plus — tranzware_payment_gateway
 
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28415). 2020-11-12 not yet calculated CVE-2020-28414
MISC
MISC
compass_plus — tranzware_payment_gateway
 
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28414). 2020-11-12 not yet calculated CVE-2020-28415
MISC
MISC
couchbase — couchbase_server
 
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka “magic cookie”). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0. 2020-11-12 not yet calculated CVE-2020-24719
CONFIRM
debian — raptor_xml_writer.c
 
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). 2020-11-06 not yet calculated CVE-2017-18926
MLIST
MLIST
MLIST
MISC
MLIST
DEBIAN
MISC
deephas — deephas
 
Prototype pollution vulnerability in ‘deephas’ versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. 2020-11-12 not yet calculated CVE-2020-28271
MISC
MISC
dell — inspiron
 
Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2020-11-10 not yet calculated CVE-2020-5388
MISC
dependabot — dependabot
 
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: “/$({curl,127.0.0.1})”, Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class. 2020-11-13 not yet calculated CVE-2020-26222
MISC
MISC
CONFIRM
dundas_data_visualization — dundas_bi_server The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur. 2020-11-10 not yet calculated CVE-2020-28409
MISC
dundas_data_visualization — dundas_bi_server The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. 2020-11-10 not yet calculated CVE-2020-28408
MISC
dyne — tomb
 
ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users’ files to be encrypted with “tomb {W] Detected DISPLAY, but only pinentry-curses is found.” as the encryption key. 2020-11-13 not yet calculated CVE-2020-28638
MISC
eclipse — hono
 
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception. 2020-11-13 not yet calculated CVE-2020-27217
CONFIRM
express-validators — express-validators
 
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. 2020-11-11 not yet calculated CVE-2020-7767
MISC
fastadmin — fastadmin-tp6
 
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ‘table’ parameter passed is not filtered so a malicious parameter can be passed for SQL injection. 2020-11-13 not yet calculated CVE-2020-21667
MISC
field — field
 
Prototype pollution vulnerability in ‘field’ versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. 2020-11-12 not yet calculated CVE-2020-28269
MISC
MISC
find-my-way — find-my-way
 
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the ‘Accept-Version’ header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack. 2020-11-08 not yet calculated CVE-2020-7764
MISC
MISC
flexdotnetcms — flexdotnetcms An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager’s rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. 2020-11-12 not yet calculated CVE-2020-27386
MISC
MISC
MISC
flexdotnetcms — flexdotnetcms
 
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor. 2020-11-12 not yet calculated CVE-2020-27385
MISC
MISC
gdm3 — gdm3
 
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can’t contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account. 2020-11-10 not yet calculated CVE-2020-16125
MISC
MISC
MISC
google — android

 

In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153879813. 2020-11-10 not yet calculated CVE-2020-0418
MISC
google — android

 

In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-161362564. 2020-11-10 not yet calculated CVE-2020-0424
MISC
google — android
 
Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and de-anonymization of COVID-19 positive users when using Radar COVID. The vulnerability is caused by the fact that Radar COVID connections to the server (uploading of TEKs to the backend) are only made by COVID-19 positives. Therefore, any on-path observer with the ability to monitor traffic between the app and the server can identify which users had a positive test. Such an adversary can be the mobile network operator (MNO) if the connection is done through a mobile network, the Internet Service Provider (ISP) if the connection is done through the Internet (e.g., a home network), a VPN provider used by the user, the local network operator in the case of enterprise networks, or any eavesdropper with access to the same network (WiFi or Ethernet) as the user as could be the case of public WiFi hotspots deployed at shopping centers, airports, hotels, and coffee shops. The attacker may also de-anonymize the user. For this additional stage to succeed, the adversary needs to correlate Radar COVID traffic to other identifiable information from the victim. This could be achieved by associating the connection to a contract with the name of the victim or by associating Radar COVID traffic to other user-generated flows containing identifiers in the clear (e.g., HTTP cookies or other mobile flows sending unique identifiers like the IMEI or the AAID without encryption). The former can be executed, for instance, by the Internet Service Provider or the MNO. The latter can be executed by any on-path adversary, such as the network provider or even the cloud provider that hosts more than one service accessed by the victim. 
The farther the adversary is either from the victim (the client) or the end-point (the server), the less likely it may be that the adversary has access to re-identification information. The vulnerability has been mitigated with the injection of dummy traffic from the application to the backend. Dummy traffic is generated by all users independently of whether they are COVID-19 positive or not. The issue was fixed in iOS in version 1.0.8 (uniform distribution), 1.1.0 (exponential distribution), Android in version 1.0.7 (uniform distribution), 1.1.0 (exponential distribution), Backend in version 1.1.2-RELEASE. For more information see the referenced GitHub Security Advisory. 2020-11-13 not yet calculated CVE-2020-26230
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
google — android
 
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-8.0 Android-8.1 Android-9. Android ID: A-156997193. 2020-11-10 not yet calculated CVE-2020-0409
MISC
grpc — grpc The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. 2020-11-11 not yet calculated CVE-2020-7768
MISC
MISC
MISC
MISC
MISC
hazelcast — imdg_enterprise
 
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn’t properly verify the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords. 2020-11-09 not yet calculated CVE-2020-26168
MISC
CONFIRM
CONFIRM
MISC
huawei — fusioncompute
 
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. 2020-11-12 not yet calculated CVE-2020-9128
MISC
huawei — mate_30_firmware
 
HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. 2020-11-13 not yet calculated CVE-2020-9129
MISC
huawei — multiple_products
 
Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject malicious code into some files of the affected products. Successful exploit may cause command injection. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. 2020-11-13 not yet calculated CVE-2020-9127
MISC
huawei — multiple_products
 
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of a specific protocol. Remote, unauthorized attackers can construct attack scenarios, which leads to denial of service. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. 2020-11-13 not yet calculated CVE-2020-1847
MISC
ibm — cognos_controller
 
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. 2020-11-11 not yet calculated CVE-2020-4685
XF
CONFIRM
ibm — content_navigator
 
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189. 2020-11-10 not yet calculated CVE-2020-4704
XF
CONFIRM
ibm — content_navigator
 
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737. 2020-11-10 not yet calculated CVE-2020-4760
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser’s history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. 2020-11-13 not yet calculated CVE-2020-4886
XF
CONFIRM
ibm — tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184157. 2020-11-10 not yet calculated CVE-2020-4568
XF
CONFIRM
ilex  — international_sign&go_workstation_security_suite
 
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. 2020-11-10 not yet calculated CVE-2020-23968
MISC
MISC
MISC
ilias — ilias
 
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. 2020-11-10 not yet calculated CVE-2020-25267
MISC
ilias — ilias
 
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. 2020-11-10 not yet calculated CVE-2020-25268
MISC
intel — adas_ie
 
Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12323
MISC
intel — advisor_tools
 
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12334
MISC

intel — amt

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8757
CONFIRM
MISC
intel — amt
 
Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-12356
CONFIRM
MISC
intel — amt
 
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-11-12 not yet calculated CVE-2020-8746
CONFIRM
MISC
intel — amt
 
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-11-12 not yet calculated CVE-2020-8749
CONFIRM
MISC
intel — amt
 
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. 2020-11-12 not yet calculated CVE-2020-8747
CONFIRM
MISC
intel — amt
 
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8760
CONFIRM
MISC
intel — amt_and_ism
 
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. 2020-11-12 not yet calculated CVE-2020-8752
CONFIRM
MISC
intel — amt_and_ism
 
Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-11-12 not yet calculated CVE-2020-8753
CONFIRM
MISC
intel — amt_sdk
 
Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12354
CONFIRM
MISC
intel — batter_life_diagnostic_tool Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12346
MISC
intel — board_id_tool
 
Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-24456
MISC
intel — client_ssds_and_data_center_ssds
 
Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. 2020-11-12 not yet calculated CVE-2020-12310
MISC
intel — client_ssds_and_data_center_ssds
 
Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. 2020-11-12 not yet calculated CVE-2020-12309
MISC
intel — client_ssds_and_data_center_ssds
 
Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. 2020-11-12 not yet calculated CVE-2020-12311
MISC
intel — computing_improvement_program
 
Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. 2020-11-12 not yet calculated CVE-2020-12308
MISC
intel — cs12_host_controller
 
Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-0573
MISC
intel — csme
 
Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. 2020-11-12 not yet calculated CVE-2020-8705
CONFIRM
CONFIRM
CONFIRM
MISC
intel — csme
 
Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. 2020-11-12 not yet calculated CVE-2020-8761
CONFIRM
MISC
intel — csme
 
Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8756
CONFIRM
MISC
intel — csme_and_sps
 
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2020-11-12 not yet calculated CVE-2020-8755
CONFIRM
CONFIRM
MISC
intel — csme_and_txe Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access. 2020-11-12 not yet calculated CVE-2020-8751
CONFIRM
CONFIRM
MISC
intel — csme_and_txe Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2020-11-12 not yet calculated CVE-2020-8745
CONFIRM
CONFIRM
MISC
intel — csme_and_txe
 
Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30, Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8744
CONFIRM
CONFIRM
CONFIRM
MISC
intel — csme_driver
 
Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. 2020-11-12 not yet calculated CVE-2020-12297
CONFIRM
CONFIRM
MISC
intel — csme_driver_and_txe
 
Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. 2020-11-12 not yet calculated CVE-2020-12303
CONFIRM
CONFIRM
MISC
intel — dal_sdk
 
Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. 2020-11-12 not yet calculated CVE-2020-12304
MISC
intel — data_center_manager_console
 
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. 2020-11-12 not yet calculated CVE-2020-12349
MISC
intel — data_center_manager_console
 
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12345
MISC
intel — data_center_manager_console
 
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. 2020-11-12 not yet calculated CVE-2020-12347
MISC
intel — data_center_manager_console
 
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. 2020-11-12 not yet calculated CVE-2020-12353
MISC
intel — data_center_manager_console
 
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. 2020-11-12 not yet calculated CVE-2020-8669
MISC
intel — dsa
 
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. 2020-11-12 not yet calculated CVE-2020-24460
MISC
intel — ema Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-12316
MISC
intel — ema
 
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2020-11-12 not yet calculated CVE-2020-12315
MISC
intel — ethernet_700_series_controllers
 
A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 2020-11-12 not yet calculated CVE-2020-8691
MISC
intel — ethernet_700_series_controllers
 
Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 2020-11-12 not yet calculated CVE-2020-8690
MISC
intel — ethernet_700_series_controllers
 
Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 2020-11-12 not yet calculated CVE-2020-8692
MISC
intel — ethernet_700_series_controllers
 
Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 2020-11-12 not yet calculated CVE-2020-8693
MISC
intel — falcon_8+_uas_asctec_thermal_viewer
 
Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12330
MISC
intel — hid_event_filter_driver
 
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12332
MISC
intel — high_definition_audio_drivers
 
Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12307
MISC
intel — media_sdk
 
Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2019-11121
MISC
intel — multiple_processors
 
Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8764
MISC
intel — multiple_products Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-11-12 not yet calculated CVE-2020-8754
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access. 2020-11-12 not yet calculated CVE-2020-0584
MISC
intel — nuc
 
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12337
MISC
intel — nuc
 
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12336
MISC
intel — nuc
 
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-24525
FULLDISC
MISC
intel — open_webrtc
 
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2020-11-13 not yet calculated CVE-2020-12338
MISC
intel — processor_identification_utility
 
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12335
MISC
intel — processors
 
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-0590
CONFIRM
MISC
intel — processors
 
Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8740
MISC
intel — processors
 
Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. 2020-11-12 not yet calculated CVE-2020-0592
CONFIRM
MISC
intel — processors
 
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-0591
CONFIRM
MISC
intel — processors
 
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-0588
CONFIRM
MISC
intel — processors
 
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-8695
MISC
intel — processors
 
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-0587
CONFIRM
MISC
intel — processors
 
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-8694
MISC
intel — processors
 
Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-13 not yet calculated CVE-2020-0599
MISC
intel — processors
 
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-0593
CONFIRM
MISC
intel — processors
 
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-8696
CONFIRM
MISC
intel — processors
 
Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8739
MISC
intel — processors
 
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8738
MISC
intel — processors
 
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-8698
CONFIRM
MISC
intel — proset/wireless_wifi_products Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-11-12 not yet calculated CVE-2020-12317
MISC
intel — proset/wireless_wifi_products Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-11-12 not yet calculated CVE-2020-12319
MISC
intel — proset/wireless_wifi_products
 
Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-11-12 not yet calculated CVE-2020-12314
MISC
intel — proset/wireless_wifi_products
 
Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-11-13 not yet calculated CVE-2020-12313
MISC
intel — proset/wireless_wifi_products
 
Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12318
MISC
intel — qat
 
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12333
MISC
intel — quartus_prime
 
Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. 2020-11-12 not yet calculated CVE-2020-8767
MISC
intel — quartus_prime_pro_edition
 
Improper Restriction of XML External Entity Reference in subsystem for Intel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-11-12 not yet calculated CVE-2020-24454
MISC
intel — realsense_d400_series_dynamic_calibration_tool
 
Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12306
MISC
intel — scs_add-on_for_microsoft_sccm
 
Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12320
MISC
intel — server_board_2600st_and_s2600wf
 
Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-0572
MISC
intel — sgx_dcap
 
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-11-12 not yet calculated CVE-2020-8766
MISC
intel — stratix_10_fpga_firmware
 
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2020-11-12 not yet calculated CVE-2020-12312
MISC
intel — stratix_10_fpga_firmware
 
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access. 2020-11-12 not yet calculated CVE-2020-8737
MISC
intel — thunderbolt_dch_drivers Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-12327
MISC
intel — thunderbolt_dch_drivers
 
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12325
MISC
intel — thunderbolt_dch_drivers
 
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-12326
MISC
intel — thunderbolt_dch_drivers
 
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-12328
MISC
intel — thunderbolt_dch_drivers
 
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12324
MISC
intel — txe
 
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2020-11-12 not yet calculated CVE-2020-12355
CONFIRM
MISC
intel — txe
 
Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8750
CONFIRM
MISC
intel — unite_client
 
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. 2020-11-12 not yet calculated CVE-2020-0575
MISC
intel — unite_cloud_service_client
 
Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12331
MISC
intel — visual_compute_accelerator
 
Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access. 2020-11-12 not yet calculated CVE-2020-8677
MISC
intel — visual_compute_accelerator
 
Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-8676
MISC
intel — vtune_profiler
 
Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12329
MISC
intel — wireless_bluetooth_products
 
Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-11-12 not yet calculated CVE-2020-12322
MISC
intel — wireless_bluetooth_products
 
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-11-12 not yet calculated CVE-2020-12321
MISC
intel — xtu
 
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-11-12 not yet calculated CVE-2020-12350
MISC
intelliants — subrion_cms Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. 2020-11-10 not yet calculated CVE-2019-7357
MISC
MISC
ivanti — endpoint_manager An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server. 2020-11-12 not yet calculated CVE-2020-13774
MISC
ivanti — endpoint_manager
 
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (e.g. user ‘NT AUTHORITY\NETWORK SERVICE’). 2020-11-12 not yet calculated CVE-2020-13770
MISC
ivanti — endpoint_manager
 
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe. 2020-11-12 not yet calculated CVE-2020-13771
MISC
json-ptr — json-ptr
 
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.html#set) when the force flag is set to true. The function recursively sets the property in the target object; however, it does not properly check the key being set, leading to prototype pollution. 2020-11-10 not yet calculated CVE-2020-7766
MISC
MISC
MISC
json8 — json8
 
This affects the package json8 before 1.0.3. The function adds the property specified in the path to the target object; however, it does not properly check the key being set, leading to prototype pollution. 2020-11-12 not yet calculated CVE-2020-7770
MISC
MISC
json8-merge_patch — json8-merge_patch Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor. 2020-11-09 not yet calculated CVE-2020-8268
MISC
lenovo — desktop
 
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. 2020-11-11 not yet calculated CVE-2020-8353
MISC
lenovo — desktop
 
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. 2020-11-11 not yet calculated CVE-2020-8352
MISC
lenovo — multiple_notebooks
 
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. 2020-11-11 not yet calculated CVE-2020-8354
MISC
lettre_library — lettre_library
 
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. 2020-11-12 not yet calculated CVE-2020-28247
MISC
MISC
lg — multiple_mobile_devices An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020). 2020-11-08 not yet calculated CVE-2020-28344
MISC
lg — multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020). 2020-11-08 not yet calculated CVE-2020-28345
MISC
libmaxminddb — libmaxminddb
 
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. 2020-11-06 not yet calculated CVE-2020-28241
MISC
MISC
MISC
MLIST
GENTOO
locust — locust
 
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users. 2020-11-09 not yet calculated CVE-2020-28364
MISC
managedclusterview_api — managedclusterview_api An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users. 2020-11-09 not yet calculated CVE-2020-25655
CONFIRM
mcafee — endpoint_security Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. 2020-11-12 not yet calculated CVE-2020-7331
CONFIRM
mcafee — endpoint_security
 
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. 2020-11-12 not yet calculated CVE-2020-7333
CONFIRM
mcafee — endpoint_security
 
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. 2020-11-12 not yet calculated CVE-2020-7332
CONFIRM
mcafee — mvision_endpoint
 
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. 2020-11-11 not yet calculated CVE-2020-7329
CONFIRM
mcafee — mvision_endpoint
 
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. 2020-11-11 not yet calculated CVE-2020-7328
CONFIRM
mersive — solstice-pod
 
The WEBRTC server in Solstice-Pod up to 5.0.2 mishandles the format-string specifiers %x, %p, %c and %s in the screen_key, display_name, browser_name, and operation_system parameters during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service. 2020-11-11 not yet calculated CVE-2020-27523
MISC
MISC
MISC
MISC
microsoft — av1_video_extension
 
AV1 Video Extension Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17105
MISC
microsoft — azure_sphere Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16985. 2020-11-11 not yet calculated CVE-2020-16990
MISC
MISC
microsoft — azure_sphere Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993. 2020-11-11 not yet calculated CVE-2020-16988
MISC
microsoft — azure_sphere Azure Sphere Denial of Service Vulnerability 2020-11-11 not yet calculated CVE-2020-16986
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16989, CVE-2020-16992. 2020-11-11 not yet calculated CVE-2020-16993
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Tampering Vulnerability 2020-11-11 not yet calculated CVE-2020-16983
MISC
microsoft — azure_sphere
 
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994. 2020-11-11 not yet calculated CVE-2020-16984
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16990. 2020-11-11 not yet calculated CVE-2020-16985
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16991, CVE-2020-16994. 2020-11-11 not yet calculated CVE-2020-16987
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994. 2020-11-11 not yet calculated CVE-2020-16991
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16989, CVE-2020-16993. 2020-11-11 not yet calculated CVE-2020-16992
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991. 2020-11-11 not yet calculated CVE-2020-16994
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16988, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993. 2020-11-11 not yet calculated CVE-2020-16981
MISC
microsoft — azure_sphere
 
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994. 2020-11-11 not yet calculated CVE-2020-16970
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994. 2020-11-11 not yet calculated CVE-2020-16982
MISC
MISC
MISC
microsoft — azure_sphere
 
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16992, CVE-2020-16993. 2020-11-11 not yet calculated CVE-2020-16989
MISC
microsoft — defender
 
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability 2020-11-11 not yet calculated CVE-2020-17090
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17021. 2020-11-11 not yet calculated CVE-2020-17018
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17018, CVE-2020-17021. 2020-11-11 not yet calculated CVE-2020-17006
MISC
microsoft — dynamics_365
 
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018. 2020-11-11 not yet calculated CVE-2020-17021
MISC
microsoft — dynamics_365
 
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17006, CVE-2020-17018, CVE-2020-17021. 2020-11-11 not yet calculated CVE-2020-17005
MISC
microsoft — edge
 
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048. 2020-11-11 not yet calculated CVE-2020-17054
MISC
microsoft — edge
 
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054. 2020-11-11 not yet calculated CVE-2020-17048
MISC
microsoft — edge_and_internet_explorer
 
Scripting Engine Memory Corruption Vulnerability 2020-11-11 not yet calculated CVE-2020-17052
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17066. 2020-11-11 not yet calculated CVE-2020-17065
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066. 2020-11-11 not yet calculated CVE-2020-17064
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17064, CVE-2020-17065, CVE-2020-17066. 2020-11-11 not yet calculated CVE-2020-17019
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17065. 2020-11-11 not yet calculated CVE-2020-17066
MISC
microsoft — excel
 
Microsoft Excel Security Feature Bypass Vulnerability 2020-11-11 not yet calculated CVE-2020-17067
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17083. 2020-11-11 not yet calculated CVE-2020-17084
MISC
microsoft — exchange_server
 
Microsoft Exchange Server Denial of Service Vulnerability 2020-11-11 not yet calculated CVE-2020-17085
MISC
microsoft — exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17084. 2020-11-11 not yet calculated CVE-2020-17083
MISC
microsoft — heif_image_extension
 
HEIF Image Extensions Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17101
MISC
microsoft — hevc_video_extension HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110. 2020-11-11 not yet calculated CVE-2020-17108
MISC
microsoft — hevc_video_extension
 
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110. 2020-11-11 not yet calculated CVE-2020-17107
MISC
microsoft — hevc_video_extension
 
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109. 2020-11-11 not yet calculated CVE-2020-17110
MISC
microsoft — hevc_video_extension
 
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110. 2020-11-11 not yet calculated CVE-2020-17109
MISC
microsoft — hevc_video_extension
 
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110. 2020-11-11 not yet calculated CVE-2020-17106
MISC
microsoft — internet_explorer
 
Internet Explorer Memory Corruption Vulnerability 2020-11-11 not yet calculated CVE-2020-17053
MISC
microsoft — office
 
Microsoft Office Online Spoofing Vulnerability 2020-11-11 not yet calculated CVE-2020-17063
MISC
microsoft — office
 
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17062
MISC
microsoft — raw_image_extension Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086. 2020-11-11 not yet calculated CVE-2020-17082
MISC
microsoft — raw_image_extension
 
Microsoft Raw Image Extension Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17081
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086. 2020-11-11 not yet calculated CVE-2020-17079
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082. 2020-11-11 not yet calculated CVE-2020-17086
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086. 2020-11-11 not yet calculated CVE-2020-17078
MISC
microsoft — sharepoint
 
Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16979. 2020-11-11 not yet calculated CVE-2020-17017
MISC
microsoft — sharepoint
 
Microsoft SharePoint Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17061
MISC
microsoft — sharepoint
 
Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17017. 2020-11-11 not yet calculated CVE-2020-16979
MISC
microsoft — sharepoint
 
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17016, CVE-2020-17060. 2020-11-11 not yet calculated CVE-2020-17015
MISC
microsoft — sharepoint
 
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17015, CVE-2020-17016. 2020-11-11 not yet calculated CVE-2020-17060
MISC
microsoft — sharepoint
 
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17015, CVE-2020-17060. 2020-11-11 not yet calculated CVE-2020-17016
MISC
microsoft — teams
 
Microsoft Teams Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17091
MISC
microsoft — visual_studio
 
Visual Studio Tampering Vulnerability 2020-11-11 not yet calculated CVE-2020-17100
MISC
microsoft — visual_studio_code
 
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17104
MISC
microsoft — webp_image_extension
 
WebP Image Extensions Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17102
MISC
microsoft — windows
 
Windows Spoofing Vulnerability 2020-11-11 not yet calculated CVE-2020-1599
MISC
microsoft — windows_10 Windows Port Class Library Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17011
MISC
microsoft — windows_10 Windows GDI+ Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17068
MISC
microsoft — windows_10 Windows Bind Filter Driver Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17012
MISC
microsoft — windows_10 Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038. 2020-11-11 not yet calculated CVE-2020-17010
MISC
microsoft — windows_10 Windows Win32k Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17057
MISC
microsoft — windows_10 Windows Graphics Component Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17004
MISC
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001. 2020-11-11 not yet calculated CVE-2020-17014
MISC
microsoft — windows_10 Windows NDIS Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17069
MISC
microsoft — windows_10 Windows Canonical Display Driver Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17029
MISC
microsoft — windows_10 Windows Delivery Optimization Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17071
MISC
microsoft — windows_10 Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17074, CVE-2020-17076. 2020-11-11 not yet calculated CVE-2020-17073
MISC
microsoft — windows_10 Windows MSCTF Server Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17030
MISC
microsoft — windows_10
 
Windows Print Configuration Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17041
MISC
microsoft — windows_10
 
Windows WalletService Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17037
MISC
microsoft — windows_10
 
Windows WalletService Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-16999
MISC
microsoft — windows_10
 
Win32k Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17013
MISC
microsoft — windows_10
 
Windows Hyper-V Security Feature Bypass Vulnerability 2020-11-11 not yet calculated CVE-2020-17040
MISC
microsoft — windows_10
 
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17036
MISC
microsoft — windows_10
 
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. 2020-11-10 not yet calculated CVE-2020-24367
CONFIRM
microsoft — windows_10
 
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17024
MISC
microsoft — windows_10
 
Windows Kernel Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17035
MISC
microsoft — windows_10
 
Windows Network File System Denial of Service Vulnerability 2020-11-11 not yet calculated CVE-2020-17047
MISC
microsoft — windows_10
 
Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17074. 2020-11-11 not yet calculated CVE-2020-17076
MISC
microsoft — windows_10
 
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. 2020-11-11 not yet calculated CVE-2020-17038
MISC
microsoft — windows_10
 
Windows Camera Codec Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17113
MISC
MISC
microsoft — windows_10
 
Windows Error Reporting Denial of Service Vulnerability 2020-11-11 not yet calculated CVE-2020-17046
MISC
microsoft — windows_10
 
Remote Desktop Protocol Server Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-16997
MISC
microsoft — windows_10
 
Windows Error Reporting Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17007
MISC
microsoft — windows_10
 
Microsoft Browser Memory Corruption Vulnerability 2020-11-11 not yet calculated CVE-2020-17058
MISC
microsoft — windows_10
 
Windows USO Core Worker Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17075
MISC
microsoft — windows_10
 
Windows Update Medic Service Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17070
MISC
microsoft — windows_10
 
Windows Network File System Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17051
MISC
microsoft — windows_10
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17088
MISC
microsoft — windows_10
 
Windows Kernel Local Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17087
MISC
microsoft — windows_10
 
Windows Print Spooler Remote Code Execution Vulnerability 2020-11-11 not yet calculated CVE-2020-17042
MISC
microsoft — windows_10
 
Windows Update Stack Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-17077
MISC
microsoft — windows_10
 
Windows Network File System Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17056
MISC
microsoft — windows_10
 
Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17076. 2020-11-11 not yet calculated CVE-2020-17074
MISC
microsoft — windows_10
 
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014. 2020-11-11 not yet calculated CVE-2020-17001
MISC
microsoft — windows_10
 
Windows KernelStream Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17045
MISC
microsoft — windows_10
 
DirectX Elevation of Privilege Vulnerability 2020-11-11 not yet calculated CVE-2020-16998
MISC
microsoft — windows_10
 
Remote Desktop Protocol Client Information Disclosure Vulnerability 2020-11-11 not yet calculated CVE-2020-17000
MISC
microsoft — windows_server
 
Kerberos Security Feature Bypass Vulnerability 2020-11-11 not yet calculated CVE-2020-17049
MISC
microsoft — word
 
Microsoft Word Security Feature Bypass Vulnerability 2020-11-11 not yet calculated CVE-2020-17020
MISC
microweber — microweber
 
Microweber v1.1.18 is affected by no session expiry after log-out. 2020-11-09 not yet calculated CVE-2020-23136
MISC
MISC
microweber — microweber
 
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise. 2020-11-09 not yet calculated CVE-2020-23139
MISC
microweber — microweber
 
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or a file with any extension (e.g., .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. 2020-11-09 not yet calculated CVE-2020-23138
MISC
MISC
microweber — microweber
 
Microweber 1.1.18 is affected by insufficient session expiration. When passwords are changed, sessions do not expire and remain active; this applies both to sessions in which a user changes email and to old sessions in any other browser or device. 2020-11-09 not yet calculated CVE-2020-23140
MISC
mit — kerberos_5
 
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. 2020-11-06 not yet calculated CVE-2020-28196
CONFIRM
MLIST
FEDORA
FEDORA
GENTOO
mitel — shoretel_19.46.1802.0_devices
 
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page. 2020-11-09 not yet calculated CVE-2020-28351
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got1000_series
 
Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QMBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QLBDE CoreOS version “05.65.00.BD” and earlier, GT1455HS-QTBDE CoreOS version “05.65.00.BD” and earlier, and GT1450HS-QMBDE CoreOS version “05.65.00.BD” and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5649
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got1000_series
 
Improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QMBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QLBDE CoreOS version “05.65.00.BD” and earlier, GT1455HS-QTBDE CoreOS version “05.65.00.BD” and earlier, and GT1450HS-QMBDE CoreOS version “05.65.00.BD” and earlier) allows unauthenticated attackers on an adjacent network to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5648
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got1000_series
 
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QMBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QLBDE CoreOS version “05.65.00.BD” and earlier, GT1455HS-QTBDE CoreOS version “05.65.00.BD” and earlier, and GT1450HS-QMBDE CoreOS version “05.65.00.BD” and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5645
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got1000_series
 
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QMBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QLBDE CoreOS version “05.65.00.BD” and earlier, GT1455HS-QTBDE CoreOS version “05.65.00.BD” and earlier, and GT1450HS-QMBDE CoreOS version “05.65.00.BD” and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5644
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got1000_series
 
NULL pointer dereference vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QMBDE CoreOS version “05.65.00.BD” and earlier, GT1450-QLBDE CoreOS version “05.65.00.BD” and earlier, GT1455HS-QTBDE CoreOS version “05.65.00.BD” and earlier, and GT1450HS-QMBDE CoreOS version “05.65.00.BD” and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5646
MISC
MISC
MISC
MISC
moinmoin — moinmoin
 
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user’s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. 2020-11-11 not yet calculated CVE-2020-15275
MISC
MISC
CONFIRM
moinmoin — moinmoin
 
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. 2020-11-10 not yet calculated CVE-2020-25074
MISC
MISC
MLIST
DEBIAN
nagios — nagios_xi
 
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. 2020-11-13 not yet calculated CVE-2020-5796
MISC
netapp — element_software_and_hci
 
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. 2020-11-13 not yet calculated CVE-2020-8582
MISC
netapp — element_software_and_hci
 
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. 2020-11-13 not yet calculated CVE-2020-8583
MISC
netflix — dispatch
 
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user. 2020-11-09 not yet calculated CVE-2020-9300
MISC
MISC
netflix — dispatch
 
There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user. 2020-11-09 not yet calculated CVE-2020-9299
MISC
MISC
netgear — multiple_devices
 
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44. 2020-11-09 not yet calculated CVE-2020-28373
MISC
nexcom — nio_50
 
The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). 2020-11-13 not yet calculated CVE-2020-25151
MISC
nexcom — nio_50
 
The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). 2020-11-13 not yet calculated CVE-2020-25155
MISC
nextcloud — nextcloud_server
 
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. 2020-11-09 not yet calculated CVE-2020-8150
MISC
MISC
nextcloud — nextcloud_server
 
Incorrect generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. 2020-11-09 not yet calculated CVE-2020-8133
MISC
MISC
nodemailer — nodemailer
 
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. 2020-11-12 not yet calculated CVE-2020-7769
MISC
MISC
MISC
MISC
nvidia — geforce_now
 
NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. 2020-11-11 not yet calculated CVE-2020-5992
CONFIRM
object-hierarchy-access — object-hierarchy-access
 
Prototype pollution vulnerability in ‘object-hierarchy-access’ versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. 2020-11-12 not yet calculated CVE-2020-28270
MISC
MISC
one_identity_password_manager — one_identity_password_manager
 
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect. 2020-11-13 not yet calculated CVE-2020-7962
MISC
opera — opera_touch_for_ios
 
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. 2020-11-13 not yet calculated CVE-2020-6157
MISC
packagekit — packagekit
 
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. 2020-11-07 not yet calculated CVE-2020-16121
CONFIRM
MISC
packagekit — packagekit
 
PackageKit’s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. 2020-11-07 not yet calculated CVE-2020-16122
CONFIRM
palo_alto_network — pan-os An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2. 2020-11-12 not yet calculated CVE-2020-2048
CONFIRM
palo_alto_network — pan-os
 
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. 2020-11-12 not yet calculated CVE-2020-2000
CONFIRM
palo_alto_network — pan-os
 
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN. In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. 2020-11-12 not yet calculated CVE-2020-2050
CONFIRM
palo_alto_network — pan-os
 
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0. 2020-11-12 not yet calculated CVE-2020-1999
CONFIRM
palo_alto_network — pan-os
 
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator’s session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5. 2020-11-12 not yet calculated CVE-2020-2022
CONFIRM
passmark — multiple_products
 
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0. 2020-11-13 not yet calculated CVE-2020-15481
MISC
MISC
percona — percona_server
 
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server. When using SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when a blank value is passed for the account password, leading to access to the service that Active Directory is integrated with, at the level granted to the authenticating account. 2020-11-09 not yet calculated CVE-2020-26542
MISC
MISC
CONFIRM
CONFIRM
pixar — openusd
 
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-11-13 not yet calculated CVE-2020-6155
MISC
pixar — openusd
 
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance is in the decompression of the FIELDS section of the USDC file format. 2020-11-13 not yet calculated CVE-2020-6147
FULLDISC
MISC
pixar — openusd
 
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. This instance is in the PATHS section of the USDC file format. 2020-11-13 not yet calculated CVE-2020-6149
MISC
pixar — openusd
 
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. This instance is in the path element token index of the USDC file format. 2020-11-13 not yet calculated CVE-2020-6156
MISC
pixar — openusd
 
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance is in the decompression of the FIELDSETS section of the USDC file format. 2020-11-13 not yet calculated CVE-2020-6148
MISC
pixar — openusd
 
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 in the decompression of the SPECS section of the USDC file format. 2020-11-13 not yet calculated CVE-2020-6150
MISC
python-rsa — python-rsa
 
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. 2020-11-12 not yet calculated CVE-2020-25658
CONFIRM
MISC
qualcomm — multiple_snapdragon_products Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P 2020-11-12 not yet calculated CVE-2020-11201
CONFIRM
qualcomm — multiple_snapdragon_products Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 2020-11-12 not yet calculated CVE-2020-11193
CONFIRM
qualcomm — multiple_snapdragon_products Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 2020-11-12 not yet calculated CVE-2020-11208
CONFIRM
qualcomm — multiple_snapdragon_products Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330 2020-11-12 not yet calculated CVE-2020-11131
CONFIRM
qualcomm — multiple_snapdragon_products Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11175
CONFIRM
qualcomm — multiple_snapdragon_products
 
Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11127
CONFIRM
qualcomm — multiple_snapdragon_products
 
Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 2020-11-12 not yet calculated CVE-2020-11209
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11206
CONFIRM
qualcomm — multiple_snapdragon_products
 
Information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user's lock-screen password can be bypassed by performing the standard gatekeeper operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 2020-11-12 not yet calculated CVE-2020-11123
CONFIRM
qualcomm — multiple_snapdragon_products
 
Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 2020-11-12 not yet calculated CVE-2020-11196
CONFIRM
qualcomm — multiple_snapdragon_products
 
Incorrect validation of ring context fetched from host memory can lead to memory overflow in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-3632
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11207
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11130
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible integer overflow to heap overflow while processing command due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11205
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11121
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P 2020-11-12 not yet calculated CVE-2020-11202
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer over read in boot due to size check ignored before copying GUID attribute from request to response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 2020-11-12 not yet calculated CVE-2020-11132
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 2020-11-12 not yet calculated CVE-2020-11184
CONFIRM
qualcomm — multiple_snapdragon_products
 
Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330 2020-11-12 not yet calculated CVE-2020-11168
CONFIRM
qualcomm — multiple_snapdragon_products
 
When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130 2020-11-12 not yet calculated CVE-2020-3639
CONFIRM
rconfig — rconfig
 
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. 2020-11-13 not yet calculated CVE-2020-13638
MISC
readytalk — avian
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-11-09 not yet calculated CVE-2020-28371
MISC
MISC
red_hat — jboss_keycloak A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw. 2020-11-09 not yet calculated CVE-2020-14366
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. 2020-11-06 not yet calculated CVE-2020-16846
SUSE
MISC
MISC
FEDORA
GENTOO
CONFIRM
saltstack — salt
 
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. 2020-11-06 not yet calculated CVE-2020-17490
SUSE
MISC
FEDORA
GENTOO
CONFIRM
saltstack — salt
 
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. 2020-11-06 not yet calculated CVE-2020-25592
SUSE
MISC
MISC
FEDORA
GENTOO
CONFIRM
sap — 3d_visual_enterprise_viewer
 
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open a manipulated HPGL file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts the application. This is caused by Improper Input Validation. 2020-11-10 not yet calculated CVE-2020-26817
MISC
MISC
MISC
sap — as_abap
 
SAP AS ABAP(DMIS), versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions – 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application. 2020-11-10 not yet calculated CVE-2020-26808
MISC
MISC
sap — commerce_cloud SAP Commerce Cloud (Accelerator Payment Mock), versions – 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. 2020-11-10 not yet calculated CVE-2020-26811
MISC
MISC
sap — commerce_cloud
 
SAP Commerce Cloud (Accelerator Payment Mock), versions – 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. 2020-11-10 not yet calculated CVE-2020-26810
MISC
MISC
sap — commerce_cloud
 
SAP Commerce Cloud, versions – 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the ‘/medias’ endpoint, hence gaining access to Secure Media folders. This folder could contain sensitive files, which results in disclosure of sensitive information and impacts system configuration confidentiality. 2020-11-10 not yet calculated CVE-2020-26809
MISC
MISC
sap — erp_and_s/4_hana
 
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. 2020-11-10 not yet calculated CVE-2020-6316
MISC
MISC
sap — erp_client
 
In SAP ERP Client for E-Bilanz, version – 1.0, incorrect default filesystem permissions are set on its installation folder, which allows anyone to modify the files in the folder. 2020-11-10 not yet calculated CVE-2020-26807
MISC
MISC
sap — fiori_launchpad
 
SAP Fiori Launchpad (News tile Application), versions – 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability. 2020-11-10 not yet calculated CVE-2020-26815
MISC
MISC
sap — fiori_launchpad
 
SAP Fiori Launchpad (News tile Application), versions – 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim’s web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim’s browser and the victim can easily close the browser tab to terminate it. 2020-11-13 not yet calculated CVE-2020-26825
MISC
MISC
sap — netweaver_as_abap
 
SAP NetWeaver AS ABAP (Web Dynpro), versions – 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. 2020-11-10 not yet calculated CVE-2020-26819
MISC
MISC
sap — netweaver_as_abap
 
SAP NetWeaver AS ABAP (Web Dynpro), versions – 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. 2020-11-10 not yet calculated CVE-2020-26818
MISC
MISC
sap — process_integration
 
SAP Process Integration (PGP Module – Business-to-Business Add On), version – 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure. 2020-11-10 not yet calculated CVE-2020-26814
MISC
MISC
sentrifugo — sentrifugo In Sentrifugo 3.2, users can share an announcement under the “Organization -> Announcements” tab. On this page, users can also upload attachments with the shared announcements. This “Upload Attachment” functionality suffers from an “Unrestricted File Upload” vulnerability, so an attacker can upload malicious files using this functionality and control the server. 2020-11-12 not yet calculated CVE-2020-26804
MISC
sentrifugo — sentrifugo In Sentrifugo 3.2, an admin can edit an employee’s information via this endpoint: /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, the “employeeNumId” parameter is affected by an SQLi vulnerability. An attacker can inject SQL commands into the query, read data from the database or write data into the database. 2020-11-12 not yet calculated CVE-2020-26805
MISC
sentrifugo — sentrifugo
 
In Sentrifugo 3.2, users can upload an image under the “Assets -> Add” tab. This “Upload Images” functionality suffers from an “Unrestricted File Upload” vulnerability, so an attacker can upload malicious files using this functionality and control the server. 2020-11-12 not yet calculated CVE-2020-26803
MISC
set — set Prototype pollution vulnerability in ‘@strikeentco/set’ version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. 2020-11-10 not yet calculated CVE-2020-28267
MISC
MISC
siemens — simatic_s7-300_cpu_family
 
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. 2020-11-12 not yet calculated CVE-2020-15783
MISC
spree — spree Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token. This is patched in versions 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree < 3.7 are not affected. 2020-11-13 not yet calculated CVE-2020-26223
MISC
CONFIRM
MISC
sugarcrm — sugarcrm An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.) 2020-11-12 not yet calculated CVE-2020-7472
MISC
CONFIRM
suitecrm — suitecrm SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. 2020-11-06 not yet calculated CVE-2020-28328
MISC
MISC
MISC
synopsys — synopsys Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 – 0.0.52 does not validate SSL certificates in certain cases. 2020-11-06 not yet calculated CVE-2020-27589
CONFIRM
MISC
MISC
MISC
MISC
tcl — android_smart_tvs A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network can download most system files, leading to serious critical information disclosure. 2020-11-10 not yet calculated CVE-2020-27403
MISC
MISC
MISC
MISC
tcl — android_smart_tvs A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user, could perform fake system upgrades by writing to the /data/vendor/upgrage folder. 2020-11-10 not yet calculated CVE-2020-28055
MISC
MISC
MISC
MISC
MISC
tibco — tibco_iprocess_workspace The Core component of TIBCO Software Inc.’s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below. 2020-11-10 not yet calculated CVE-2020-27146
CONFIRM
CONFIRM
tmux — tmux The function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. 2020-11-06 not yet calculated CVE-2020-27347
MISC
GENTOO
MISC
touchbase.ai — touchbase.ai touchbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc. (if present). The issue is fixed in version 2.0. 2020-11-11 not yet calculated CVE-2020-26220
MISC
CONFIRM
touchbase.ai — touchbase.ai touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0. 2020-11-11 not yet calculated CVE-2020-26221
CONFIRM
touchbase.ai — touchbase.ai touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0. 2020-11-11 not yet calculated CVE-2020-26219
CONFIRM
touchbase.ai — touchbase.ai touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0. 2020-11-11 not yet calculated CVE-2020-26218
CONFIRM
tp-link — archer_a7_ac1750_devices tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. 2020-11-08 not yet calculated CVE-2020-28347
MISC
MISC
MISC
MISC
MISC
trend_micro — interscan_messaging_security_virtual_appliance Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product’s web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability. 2020-11-09 not yet calculated CVE-2020-27018
N/A
N/A
trend_micro — interscan_messaging_security_virtual_appliance Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. 2020-11-09 not yet calculated CVE-2020-27019
N/A
N/A
trend_micro — interscan_messaging_security_virtual_appliance Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may be vulnerable to attack. 2020-11-09 not yet calculated CVE-2020-27694
N/A
N/A
trend_micro — interscan_messaging_security_virtual_appliance Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. 2020-11-09 not yet calculated CVE-2020-27016
N/A
N/A
trend_micro — interscan_messaging_security_virtual_appliance Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. 2020-11-09 not yet calculated CVE-2020-27017
N/A
N/A
trend_micro — interscan_messaging_security_virtual_appliance Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. 2020-11-09 not yet calculated CVE-2020-27693
N/A
N/A
untangle — firewall_ng Untangle Firewall NG before 16.0 uses MD5 for passwords. 2020-11-12 not yet calculated CVE-2020-17494
MISC
MISC
MISC
MISC
valve — game_networking_sockets Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash. 2020-11-13 not yet calculated CVE-2020-6019
MISC
vivo — fame_touch_module The frame touch module does not make validity judgments on parameter lengths when processing specific parameters, which causes out-of-bounds memory access. The vulnerability eventually leads to a local DOS on the device. 2020-11-10 not yet calculated CVE-2020-12485
CONFIRM
vmware — tanzu_tas Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller. 2020-11-11 not yet calculated CVE-2020-5426
CONFIRM
wordpress — wordpress The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. 2020-11-10 not yet calculated CVE-2020-24063
MISC
MISC
MISC
MISC
wordpress — wordpress An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of “wp_ajax_nopriv” call in WordPress, which allows any unauthenticated user to get access to the function “gdlr_lms_cancel_booking” where POST Parameter “id” was sent straight into SQL query without sanitization. 2020-11-12 not yet calculated CVE-2020-27481
MISC
wordpress — wordpress The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. 2020-11-07 not yet calculated CVE-2020-28339
MISC
MISC
xen — xen Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a “Platypus” attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. 2020-11-10 not yet calculated CVE-2020-28368
MISC
MISC
MISC


Original release date: November 9, 2020


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. 2020-11-05 9.3 CVE-2020-24433
MISC
google — chrome Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 7.5 CVE-2020-16011
SUSE
SUSE
MISC
MISC
qnap — music_station If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. 2020-11-02 7.5 CVE-2018-19950
CONFIRM
qualcomm — agatti_firmware ‘Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 10 CVE-2020-3654
CONFIRM
MISC
qualcomm — agatti_firmware ‘While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state. (This CVE is equivalent to InvalidConnectionRequest (CVE-2019-19193) mentioned in sweyntooth paper)’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, AR9344, Bitra, IPQ5018, Kamorta, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9886, QCM6125, QCN7605, QCS404, QCS405, QCS605, QCS610, QRB5165, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 7.8 CVE-2020-3704
CONFIRM
MISC
qualcomm — agatti_firmware ‘Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 7.2 CVE-2020-3690
CONFIRM
MISC
qualcomm — agatti_firmware ‘Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 10 CVE-2020-3692
CONFIRM
MISC
qualcomm — agatti_firmware ‘Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 10 CVE-2020-3673
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250 2020-11-02 10 CVE-2020-3657
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 2020-11-02 8.3 CVE-2020-11155
CONFIRM
MISC
qualcomm — apq8009_firmware ‘Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 2020-11-02 8.3 CVE-2020-11154
CONFIRM
MISC
qualcomm — apq8053_firmware ‘Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device (This CVE is equivalent to Link Layer Length Overflow issue (CVE-2019-16336, CVE-2019-17519) and Silent Length Overflow issue (CVE-2019-17518) mentioned in sweyntooth paper)’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8076, AR9344, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, Nicobar, QCA6174A, QCA9377, QCM2150, QCM6125, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SC8180X, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-11-02 7.5 CVE-2020-3703
CONFIRM
MISC
qualcomm — apq8053_firmware ‘Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55 2020-11-02 10 CVE-2020-11153
CONFIRM
MISC
qualcomm — ipq4019_firmware ‘fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow’ in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980 2020-11-02 7.5 CVE-2020-11172
CONFIRM
MISC
whatsapp — whatsapp A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. 2020-11-03 7.5 CVE-2020-1909
CONFIRM
wordpress — wordpress WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. 2020-11-02 7.5 CVE-2020-28032
MISC
MLIST
MISC
MISC
DEBIAN
wordpress — wordpress WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. 2020-11-02 7.5 CVE-2020-28035
MLIST
MISC
DEBIAN
wordpress — wordpress wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. 2020-11-02 7.5 CVE-2020-28036
MISC
MLIST
MISC
MISC
DEBIAN
wordpress — wordpress is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). 2020-11-02 7.5 CVE-2020-28037
MISC
MLIST
MISC
MISC
DEBIAN


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 6.8 CVE-2020-24429
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24438
MISC
adobe — acrobat Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24427
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 5.1 CVE-2020-24428
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 5.8 CVE-2020-24431
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24434
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24426
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 6.8 CVE-2020-24437
MISC
MISC
adobe — acrobat Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. 2020-11-05 6.8 CVE-2020-24436
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader. 2020-11-05 6.8 CVE-2020-24435
MISC
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document. 2020-11-05 6.8 CVE-2020-24432
MISC
adobe — acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. 2020-11-05 6.8 CVE-2020-24430
MISC
basercms — basercms baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. 2020-10-30 6.5 CVE-2020-15277
MISC
MISC
CONFIRM
google — chrome Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15997
MISC
MISC
google — chrome Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15992
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15993
MISC
MISC
google — chrome Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15995
MISC
MISC
google — chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16006
SUSE
SUSE
MISC
MISC
google — chrome Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15996
MISC
MISC
google — chrome Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16005
SUSE
SUSE
MISC
MISC
google — chrome Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15998
MISC
MISC
google — chrome Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16000
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16001
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-11-03 6.8 CVE-2020-16002
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16004
SUSE
SUSE
MISC
MISC
google — chrome Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15990
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15977
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15991
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16003
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15988
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15982
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15999
SUSE
MISC
MISC
FEDORA
google — chrome Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16010
MISC
MISC
google — chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15979
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15985
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. 2020-11-03 4.3 CVE-2020-15984
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15974
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15986
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15981
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2020-11-03 4.3 CVE-2020-6557
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16009
SUSE
SUSE
MISC
MISC
google — chrome Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. 2020-11-03 4.4 CVE-2020-15983
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15994
MISC
MISC
google — chrome Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15975
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15976
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15978
SUSE
MISC
MISC
FEDORA
FEDORA
ibm — i2_ibase IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. 2020-10-30 6.8 CVE-2020-4588
XF
CONFIRM
ibm — i2_ibase IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. 2020-10-30 5 CVE-2020-4584
XF
CONFIRM
icewarp — mail_server IceWarp 11.4.5.0 allows XSS via the language parameter. 2020-11-02 4.3 CVE-2020-27982
MISC
jenkins — active_directory A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. 2020-11-04 4.3 CVE-2020-2303
MLIST
CONFIRM
jenkins — active_directory A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. 2020-11-04 4 CVE-2020-2302
CONFIRM
jenkins — aws_global_configuration A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. 2020-11-04 4 CVE-2020-2311
CONFIRM
jenkins — azure_key_vault A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2020-11-04 4 CVE-2020-2313
CONFIRM
jenkins — kubernetes A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. 2020-11-04 4 CVE-2020-2308
CONFIRM
jenkins — kubernetes A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2020-11-04 4 CVE-2020-2309
CONFIRM
jenkins — mercurial A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. 2020-11-04 4 CVE-2020-2306
CONFIRM
marmind — marmind A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS. 2020-11-05 4.3 CVE-2020-26505
MISC
MISC
oleacorner — olea_gift_on_order The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. 2020-11-02 5 CVE-2020-9368
MISC
MISC
pimcore — pimcore The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{“keyId”%3a”””,”groupId”%3a”‘asd’))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,”,11,12,”,14+from+users)+–+”}] 2020-10-30 6.5 CVE-2020-7759
CONFIRM
CONFIRM
qnap — music_station If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. 2020-11-02 4.3 CVE-2018-19951
CONFIRM
qnap — music_station If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. 2020-11-02 5 CVE-2018-19952
CONFIRM
qnap — photo_station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. 2020-11-02 4.3 CVE-2018-19956
CONFIRM
qnap — photo_station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. 2020-11-02 4.3 CVE-2018-19955
CONFIRM
qnap — photo_station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. 2020-11-02 4.3 CVE-2018-19954
CONFIRM
qualcomm — agatti_firmware u’Array index underflow issue in adsp driver due to improper check of channel id before used as array index.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 4.6 CVE-2020-11174
CONFIRM
MISC
qualcomm — agatti_firmware u’An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 4.6 CVE-2020-3638
CONFIRM
MISC
qualcomm — agatti_firmware u’A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param’ in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130 2020-11-02 4.6 CVE-2020-3678
CONFIRM
MISC
qualcomm — agatti_firmware u’Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM6125, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 2020-11-02 6.4 CVE-2020-3670
CONFIRM
MISC
qualcomm — agatti_firmware u’QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 4.6 CVE-2020-3684
CONFIRM
MISC
qualcomm — agatti_firmware u’Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 4.6 CVE-2020-11125
CONFIRM
MISC
qualcomm — agatti_firmware u’Two threads running simultaneously from user space can lead to race condition in fastRPC driver’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 4.4 CVE-2020-11173
CONFIRM
MISC
qualcomm — apq8009_firmware u’Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process’ in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24 2020-11-02 4.6 CVE-2020-3696
CONFIRM
MISC
qualcomm — apq8009_firmware u’Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130 2020-11-02 4.6 CVE-2020-3693
CONFIRM
MISC
qualcomm — apq8009_firmware u’Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250 2020-11-02 4.8 CVE-2020-11141
CONFIRM
MISC
qualcomm — apq8009_firmware u’Buffer over-read while processing received L2CAP packet due to lack of integer overflow check’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 2020-11-02 6.4 CVE-2020-11169
CONFIRM
MISC
qualcomm — apq8053_firmware u’Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS’ in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632 2020-11-02 5 CVE-2020-11157
CONFIRM
qualcomm — bitra_firmware u’Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130 2020-11-02 4.6 CVE-2020-3694
CONFIRM
MISC
qualcomm — qca6390_firmware u’Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250 2020-11-02 4.8 CVE-2020-11156
CONFIRM
MISC
trendmicro — antivirus Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-30 6.9 CVE-2020-27014
N/A
N/A
wordpress — wordpress WordPress before 5.5.2 allows CSRF attacks that change a theme’s background image. 2020-11-02 4.3 CVE-2020-28040
MISC
MLIST
MISC
DEBIAN
wordpress — wordpress WordPress before 5.5.2 allows stored XSS via post slugs. 2020-11-02 4.3 CVE-2020-28038
MISC
MLIST
MISC
DEBIAN
wordpress — wordpress WordPress before 5.5.2 allows XSS associated with global variables. 2020-11-02 4.3 CVE-2020-28034
MLIST
MISC
DEBIAN
wordpress — wordpress WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. 2020-11-02 5 CVE-2020-28033
MLIST
MISC
DEBIAN
wordpress — wordpress is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. 2020-11-02 6.4 CVE-2020-28039
MISC
MLIST
MISC
MISC
DEBIAN
zte — zxa10_eodn_firmware A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 2020-11-05 4 CVE-2020-6877
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
basercms — basercms baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. 2020-10-30 3.5 CVE-2020-15273
MISC
CONFIRM
MISC
basercms — basercms baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. 2020-10-30 3.5 CVE-2020-15276
MISC
MISC
CONFIRM
evms — redcap A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages. 2020-11-02 3.5 CVE-2020-27359
MISC
MISC
MISC
nedi — nedi NeDi 1.9C allows inc/rt-popup.php d XSS. 2020-11-02 3.5 CVE-2020-23868
MISC
nedi — nedi NeDi 1.9C allows pwsec.php oid XSS. 2020-11-02 3.5 CVE-2020-23989
MISC
trendmicro — antivirus Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-30 2.1 CVE-2020-27015
N/A
N/A


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat_reader_dc
 
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. 2020-11-05 not yet calculated CVE-2020-24439
MISC
alerta — alerta
 
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented in version 8.1.0 that returns HTTP 401 Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients. 2020-11-06 not yet calculated CVE-2020-26214
MISC
MISC
MISC
CONFIRM
MISC
MISC
apache — shiro
 
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. 2020-11-05 not yet calculated CVE-2020-17510
MLIST
MISC
aruba — airwave_software
 
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. 2020-11-04 not yet calculated CVE-2020-7129
MISC
aruba — airwave_software
 
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. 2020-11-04 not yet calculated CVE-2020-7128
MISC
asterisk — asterisk_open_source
 
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. 2020-11-06 not yet calculated CVE-2020-28327
MISC
asterisk — asterisk_open_source
 
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. 2020-11-06 not yet calculated CVE-2020-28242
MISC
audimexee — audimexee
 
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter “unique_error_numbers” is not set, remote attackers can inject arbitrary web script or HTML via ‘action, cargo, panel’ parameters that can lead to data leakage. 2020-11-05 not yet calculated CVE-2020-28047
MISC
audimexee — audimexee
 
SQL Injection vulnerability in “Documents component” found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. 2020-11-05 not yet calculated CVE-2020-28115
MISC
auth0 — ad-ldap-connector
 
ad-ldap-connector’s admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13. 2020-11-06 not yet calculated CVE-2020-15259
MISC
CONFIRM
axios — axios
 
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 2020-11-06 not yet calculated CVE-2020-28168
MISC
b.braun_melsungen_ag — onlinesuite
 
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. 2020-11-06 not yet calculated CVE-2020-25174
MISC
b.braun_melsungen_ag — onlinesuite
 
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. 2020-11-06 not yet calculated CVE-2020-25172
MISC
b.braun_melsungen_ag — onlinesuite
 
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. 2020-11-06 not yet calculated CVE-2020-25170
MISC
bookstack — bookstack
 
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4. 2020-11-03 not yet calculated CVE-2020-26210
MISC
MISC
MISC
CONFIRM
bookstack — bookstack
 
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to an alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited, the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade, although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4. 2020-11-03 not yet calculated CVE-2020-26211
MISC
MISC
CONFIRM
MISC
cellinx — nvt_web_server
 
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. 2020-11-06 not yet calculated CVE-2020-28250
MISC
MISC
check_point — endpoint_security_client
 
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. 2020-11-02 not yet calculated CVE-2020-6014
MISC
check_point — endpoint_security_client
 
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. 2020-11-05 not yet calculated CVE-2020-6015
MISC
cisco — anyconnect_secure_mobility_client
 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. 2020-11-06 not yet calculated CVE-2020-27123
CISCO
cisco — anyconnect_secure_mobility_client_software
 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability. 2020-11-06 not yet calculated CVE-2020-3556
CISCO
cisco — edge_fog_fabric
 
A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. 2020-11-06 not yet calculated CVE-2020-26084
CISCO
cisco — identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3551
CISCO
cisco — identity_services_engine
 
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device. 2020-11-06 not yet calculated CVE-2020-27122
CISCO
cisco — identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. 2020-11-06 not yet calculated CVE-2020-26083
CISCO
cisco — integrated_management_controller
 
A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level. 2020-11-06 not yet calculated CVE-2020-3371
CISCO
cisco — ios_xr_64-bit_software
 
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. 2020-11-06 not yet calculated CVE-2020-3284
CISCO
cisco — ip_phones
 
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. 2020-11-06 not yet calculated CVE-2020-3574
CISCO
cisco — sd-wan_software A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3595
CISCO
cisco — sd-wan_software
 
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network. 2020-11-06 not yet calculated CVE-2020-3444
CISCO
cisco — sd-wan_software
 
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3593
CISCO
cisco — sd-wan_software
 
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3600
CISCO
cisco — sd-wan_software
 
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3594
CISCO
cisco — sd-wan_vmanage_software A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges. 2020-11-06 not yet calculated CVE-2020-27129
CISCO
cisco — sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3587
CISCO
cisco — sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3579
CISCO
cisco — sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3591
CISCO
cisco — sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3590
CISCO
cisco — sd-wan_vmanage_software
 
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. 2020-11-06 not yet calculated CVE-2020-27128
CISCO
cisco — sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system. 2020-11-06 not yet calculated CVE-2020-3592
CISCO
cisco — telepresence_collaboration_endpoint_software
 
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. 2020-11-06 not yet calculated CVE-2020-26086
CISCO
cisco — unified_communications_manager_im_and_presence_service_software
 
A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability. 2020-11-06 not yet calculated CVE-2020-27121
CISCO
cisco — webex_meetings_desktop_app
 
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients. 2020-11-06 not yet calculated CVE-2020-3588
CISCO
cisco — webex_network_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3573
CISCO
cisco — webex_network_recording_player_and_webex_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3604
CISCO
cisco — webex_network_recording_player_and_webex_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3603
CISCO
cybozu — garoon
 
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via an unspecified vector. 2020-11-06 not yet calculated CVE-2020-5643
MISC
MISC
databaseschemaviewer — databaseschemaviewer
 
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened. 2020-11-04 not yet calculated CVE-2020-26207
MISC
MISC
CONFIRM
debian — bounty_castle_bc
 
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. 2020-11-02 not yet calculated CVE-2020-26939
MISC
MISC
MLIST
debian — raptor_xml_writer.c
 
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). 2020-11-06 not yet calculated CVE-2017-18926
MISC
MLIST
DEBIAN
MISC
eramba — eramba
 
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. 2020-11-02 not yet calculated CVE-2020-28031
MISC
MISC
f5 — big-ip In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password. 2020-11-05 not yet calculated CVE-2020-5943
MISC
f5 — big-ip In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). 2020-11-05 not yet calculated CVE-2020-5946
MISC
f5 — big-ip
 
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. 2020-11-05 not yet calculated CVE-2020-5939
MISC
f5 — big-ip
 
On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command. 2020-11-05 not yet calculated CVE-2020-5941
MISC
f5 — big-ip
 
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. 2020-11-05 not yet calculated CVE-2020-5944
MISC
f5 — big-ip
 
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, an undisclosed TMUI page contains a stored cross-site scripting (XSS) vulnerability. The issue allows a minor privilege escalation from resource admin to full admin. 2020-11-05 not yet calculated CVE-2020-5945
MISC
f5 — big-ip
 
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2020-11-05 not yet calculated CVE-2020-5940
MISC
f5 — big-ip
 
In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. 2020-11-05 not yet calculated CVE-2020-5942
MISC
foxit — reader
 
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog. 2020-11-02 not yet calculated CVE-2020-14425
MISC
MISC
MISC
fruitywifi_project — fruitywifi
 
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317. 2020-11-05 not yet calculated CVE-2020-24849
MISC
MISC
MISC
fuel — cms
 
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. 2020-11-04 not yet calculated CVE-2020-26167
MISC
MISC
MISC
MISC
git-lfs — git-lfs
 
Git LFS 2.12.0 allows Remote Code Execution. 2020-11-05 not yet calculated CVE-2020-27955
MISC
FULLDISC
MISC
MISC
MISC
MISC
google — chrome Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. 2020-11-03 not yet calculated CVE-2020-15980
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. 2020-11-03 not yet calculated CVE-2020-15973
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. 2020-11-03 not yet calculated CVE-2020-16007
SUSE
SUSE
MISC
MISC
google — chrome Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. 2020-11-03 not yet calculated CVE-2020-16008
SUSE
SUSE
MISC
MISC
google — chrome
 
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15968
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. 2020-11-03 not yet calculated CVE-2020-15989
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15970
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15971
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15972
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15969
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15967
SUSE
MISC
MISC
FEDORA
FEDORA
google — chrome
 
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. 2020-11-03 not yet calculated CVE-2020-15987
SUSE
MISC
MISC
FEDORA
FEDORA
hashicorp — consul_enterprise
 
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. 2020-11-04 not yet calculated CVE-2020-25201
CONFIRM
MISC
hcl — digital_experience
 
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). 2020-11-05 not yet calculated CVE-2020-14222
MISC
hcl — notes
 
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. 2020-11-05 not yet calculated CVE-2020-4097
MISC
hcl — notes
 
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials. 2020-11-05 not yet calculated CVE-2020-14240
MISC
hewlett_packard_enterprise — oneview_and_synergy_composer
 
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. 2020-11-06 not yet calculated CVE-2020-7198
MISC
hewlett_packard_enterprise — proliant_gen10_servers A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board. 2020-11-05 not yet calculated CVE-2020-7207
MISC
hindotech — hk1_s905x3_tv_box
 
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. 2020-11-05 not yet calculated CVE-2020-27402
MISC
MISC
MISC
MISC
MISC
horizontcms — horizontcms
 
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager’s rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta. 2020-11-05 not yet calculated CVE-2020-27387
MISC
MISC
ibm — app_connect_enerprise_certified_container
 
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219. 2020-11-03 not yet calculated CVE-2020-4785
XF
CONFIRM
ibm — maximo_anywhere
 
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486. 2020-11-03 not yet calculated CVE-2019-4349
XF
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440. 2020-11-05 not yet calculated CVE-2018-1725
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857. 2020-11-06 not yet calculated CVE-2020-4483
XF
CONFIRM
ibm — urbancode_deploy
 
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. 2020-11-03 not yet calculated CVE-2020-4649
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856. 2020-11-06 not yet calculated CVE-2020-4482
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. 2020-11-06 not yet calculated CVE-2020-4484
XF
CONFIRM
immuta — immuta
 
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials. 2020-11-05 not yet calculated CVE-2020-15951
MISC
MISC
MISC
immuta — immuta
 
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. 2020-11-05 not yet calculated CVE-2020-15950
MISC
MISC
MISC
immuta — immuta
 
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. 2020-11-05 not yet calculated CVE-2020-15949
MISC
MISC
MISC
immuta — immuta
 
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS. 2020-11-05 not yet calculated CVE-2020-15952
MISC
MISC
MISC
intelliants — subrion_cms
 
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. 2020-11-04 not yet calculated CVE-2019-7356
MISC
MISC
intermind — imind_server
 
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user’s session by sending a malicious file in the chat. 2020-11-05 not yet calculated CVE-2020-25399
MISC
intermind — imind_server
 
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. 2020-11-05 not yet calculated CVE-2020-25398
MISC
ipfs — ipfs
 
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes’ routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this. 2020-11-02 not yet calculated CVE-2020-10937
MISC
MISC
jenkins — active_directory_plugin
 
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. 2020-11-04 not yet calculated CVE-2020-2299
MLIST
CONFIRM
jenkins — active_directory_plugin
 
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. 2020-11-04 not yet calculated CVE-2020-2301
CONFIRM
jenkins — active_directory_plugin
 
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. 2020-11-04 not yet calculated CVE-2020-2300
MLIST
CONFIRM
jenkins — active_subversion_plugin
 
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-11-04 not yet calculated CVE-2020-2304
MLIST
CONFIRM
jenkins — ansible_plugin
 
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2020-11-04 not yet calculated CVE-2020-2310
CONFIRM
jenkins — appspider_plugin
 
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2020-11-04 not yet calculated CVE-2020-2314
CONFIRM
jenkins — findbugs_plugin
 
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin’s post build step. 2020-11-04 not yet calculated CVE-2020-2317
CONFIRM
jenkins — kubernetes_plugin
 
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. 2020-11-04 not yet calculated CVE-2020-2307
CONFIRM
jenkins — mail_commander_plugin
 
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2020-11-04 not yet calculated CVE-2020-2318
CONFIRM
jenkins — mercurial_plugin
 
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-11-04 not yet calculated CVE-2020-2305
CONFIRM
jenkins — sqlplus_script_runner_plugin
 
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. 2020-11-04 not yet calculated CVE-2020-2312
CONFIRM
jenkins — static_analysis_utilities_plugin
 
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-11-04 not yet calculated CVE-2020-2316
CONFIRM
jenkins — visualworks_store_plugin
 
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-11-04 not yet calculated CVE-2020-2315
CONFIRM
jenkins — vmware_lab_manager_slaves_plugin
 
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2020-11-04 not yet calculated CVE-2020-2319
CONFIRM
joomla — jomsocial
 
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer’s profile. 2020-11-04 not yet calculated CVE-2020-22274
MISC
MISC
MISC
joplin — joplin
 
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. 2020-11-06 not yet calculated CVE-2020-28249
MISC
MISC
kuka — visual_components
 
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listens for packets over UDP port 5093. No authentication/authorization is required in order to communicate with the server. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructure for the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitive system information that could be leveraged for further exploitation without any kind of authentication. This information includes detailed hardware and OS characteristics. After a decryption process, a textual protocol is found which contains a simple header with the requested command, application-identifier, and some arguments. The protocol is vulnerable to DoS through an arbitrary pointer dereference. This flaw allows an attacker to pass a specially crafted package that, when processed by the service, causes an arbitrary pointer from the stack to be dereferenced, causing an uncaught exception that terminates the service. This can be further constructed in combination with RVDP#710 which exploits an information disclosure leak, or with RVDP#711 for a stack-overflow and potential code execution. Beyond denying simulations, Visual Components provides capabilities to interface with industrial machinery and automate certain processes (e.g. testing, benchmarking, etc.) which depending on the DevOps setup might be integrated into the industrial flow. Accordingly, a DoS in the simulation might have higher repercussions, depending on the Industrial Control System (ICS) infrastructure. 2020-11-06 not yet calculated CVE-2020-10292
CONFIRM
kuka — visual_components
 
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listens for packets over UDP port 5093. No authentication/authorization is required in order to communicate with the server. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructure for the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitive system information that could be leveraged for further exploitation without any kind of authentication. This information includes detailed hardware and OS characteristics. After a decryption process, a textual protocol is found which contains a simple header with the requested command, application-identifier, and some arguments. The protocol leaks information regarding the receiving server information, license information and managing licenses, among others. Through this flaw, attackers can retrieve information about a KUKA simulation system, particularly, the version of the licensing server, which is connected to the simulator, and which will allow them to launch local simulations with similar characteristics, further understanding the dynamics of motion virtualization and opening doors to other attacks (see RVDP#711 and RVDP#712 for subsequent vulnerabilities that compromise integrity and availability). Beyond compromising simulations, Visual Components provides capabilities to interface with industrial machinery. Particularly, their PLC Connectivity feature ‘makes it easy’ to connect simulations with control systems using either the industry standard OPC UA or other supported vendor specific interfaces. This fills the gap of jumping from simulation to real and enables attackers to pivot from the Visual Components simulator to robots or other Industrial Control System (ICS) devices, such as PLCs. 2020-11-06 not yet calculated CVE-2020-10291
CONFIRM
libmaxminddb — libmaxminddb
 
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. 2020-11-06 not yet calculated CVE-2020-28241
MISC
MISC
MISC
lightbend — play_framework
 
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. 2020-11-06 not yet calculated CVE-2020-26882
MISC
MISC
lightbend — play_framework
 
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. 2020-11-06 not yet calculated CVE-2020-26883
MISC
MISC
lightbend — play_framework
 
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. 2020-11-06 not yet calculated CVE-2020-27196
MISC
MISC
linux — linux_kernel
 
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. 2020-11-06 not yet calculated CVE-2020-27152
MLIST
MISC
CONFIRM
CONFIRM
linux — swift
 
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. 2020-11-02 not yet calculated CVE-2020-9861
MISC
marmind — marmind
 
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control of files uploaded by administrative users. The accessed files were not visible to the low-privileged users in the web GUI. 2020-11-05 not yet calculated CVE-2020-26506
MISC
MISC
marmind — marmind
 
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC. 2020-11-05 not yet calculated CVE-2020-26507
MISC
MISC
microfocus — self_service_password_reset
 
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. 2020-11-05 not yet calculated CVE-2020-25837
MISC
misp-project — misp
 
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. 2020-11-02 not yet calculated CVE-2020-28043
MISC
mit — kerberos5
 
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. 2020-11-06 not yet calculated CVE-2020-28196
CONFIRM
MLIST
FEDORA
mitsubishi_electric — gt14_model_of_got_1000_series Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5649
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got_1000_series
 
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5647
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got_1000_series
 
Improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5648
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got_1000_series
 
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5646
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got_1000_series
 
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5644
MISC
MISC
MISC
MISC
mitsubishi_electric — gt14_model_of_got_1000_series
 
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5645
MISC
MISC
MISC
MISC
mitsubishi_electric — melsec_iq
 
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions ’20’ and earlier, R 04/08/16/32/120 (EN) CPU firmware versions ’52’ and earlier, R 08/16/32/120 SFCPU firmware versions ’22’ and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number ‘22081’ and earlier, Q 03/04/06/13/26 UDVCPU serial number ‘22031’ and earlier, Q 04/06/13/26 UDPVCPU serial number ‘22031’ and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU – (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition. 2020-11-02 not yet calculated CVE-2020-5652
MISC
MISC
MISC
mitsubishi_electric — melsec_iq-r_series Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5658
MISC
MISC
MISC
mitsubishi_electric — melsec_iq-r_series Improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5657
MISC
MISC
MISC
mitsubishi_electric — melsec_iq-r_series
 
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5655
MISC
MISC
MISC
mitsubishi_electric — melsec_iq-r_series
 
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5656
MISC
MISC
MISC
mitsubishi_electric — melsec_iq-r_series
 
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5654
MISC
MISC
MISC
mitsubishi_electric — melsec_iq-r_series
 
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5653
MISC
MISC
MISC
moxa — mxview
 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality. 2020-11-05 not yet calculated CVE-2020-13536
MISC
moxa — mxview
 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality, and among them the mosquitto executable is also run. 2020-11-05 not yet calculated CVE-2020-13537
MISC
moxa — vport_461_firmware
 
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa’s VPort 461 Series Industrial Video Servers. 2020-11-02 not yet calculated CVE-2020-23639
MISC
nats — jwt_library
 
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. 2020-11-06 not yet calculated CVE-2020-26892
MISC
CONFIRM
nats — jwt_library
 
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). 2020-11-06 not yet calculated CVE-2020-26521
CONFIRM
MISC
neoflex — video_subscritpion_system
 
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website’s Settings to be changed (such as Payment Settings). 2020-11-04 not yet calculated CVE-2020-22273
MISC
MISC
nessus — nessus_for_windows_and_nessus_agent A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. 2020-11-05 not yet calculated CVE-2020-5793
MISC
MISC
nessus — network_monitor
 
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. 2020-11-06 not yet calculated CVE-2020-5794
MISC
netapp — santricity_os_controller_software
 
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). 2020-11-06 not yet calculated CVE-2020-8580
MISC
netapp — santricity_os_controller_software
 
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. 2020-11-06 not yet calculated CVE-2020-8577
MISC
netgear — nighthawk_r7000_devices
 
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim’s intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. 2020-11-02 not yet calculated CVE-2020-28041
MISC
MISC
MISC
MISC
nextcloud — nextcloud_server
 
A misconfiguration in Nextcloud Server 19.0.1 led users to believe that passwordless WebAuthn also provided two-factor verification, because it asked for the PIN of the passwordless WebAuthn but did not verify it. 2020-11-02 not yet calculated CVE-2020-8236
MISC
MISC
nextcloud — nextcloud_server
 
A logic error in Nextcloud Server 19.0.0 caused the share password to be stored in plaintext when it was given on the initial create API call. 2020-11-02 not yet calculated CVE-2020-8183
MISC
MISC
nextcloud — nextcloud_server
 
Use of too small a set of random characters for encryption in Nextcloud Server 18.0.4 allowed decryption in a shorter time than intended. 2020-11-02 not yet calculated CVE-2020-8173
MISC
MISC
openfind — mailgates_and_mailaudit
 
MailGates and MailAudit products contain a Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. 2020-11-01 not yet calculated CVE-2020-25849
CONFIRM
opensuse — opesuse
 
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that – for a short time period – allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. 2020-11-04 not yet calculated CVE-2020-28049
SUSE
MISC
MISC
MISC
MLIST
DEBIAN
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-11-02 not yet calculated CVE-2020-14750
MISC
origin — origin_client
 
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators. 2020-11-02 not yet calculated CVE-2020-27708
MISC
origin — origin_client
 
A cross-site scripting (XSS) vulnerability exists in the Origin Client that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window. 2020-11-02 not yet calculated CVE-2020-15914
MISC
osticket — osticket
 
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. 2020-11-02 not yet calculated CVE-2020-24881
MISC
MISC
pax — point_of_sale_device
 
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. 2020-11-02 not yet calculated CVE-2020-28044
MISC
pax — prolinos
 
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch. 2020-11-02 not yet calculated CVE-2020-28046
MISC
pax — prolinos
 
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD. 2020-11-02 not yet calculated CVE-2020-28045
MISC
qemu — qemu ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. 2020-11-06 not yet calculated CVE-2020-27616
CONFIRM
MISC
qemu — qemu
 
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. 2020-11-06 not yet calculated CVE-2020-27617
CONFIRM
MISC
qualcomm — multiple_snapdragon_products
 
Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 not yet calculated CVE-2020-11164
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 not yet calculated CVE-2020-11162
CONFIRM
qualcomm — multiple_snapdragon_products
 
Bluetooth devices do not properly restrict the L2CAP payload length, allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper) in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 2020-11-02 not yet calculated CVE-2020-11114
CONFIRM
red_hat — red_hat
 
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel’s Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. 2020-11-05 not yet calculated CVE-2020-25662
CONFIRM
CONFIRM
CONFIRM
red_hat — red_hat
 
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2020-11-05 not yet calculated CVE-2020-25661
CONFIRM
CONFIRM
CONFIRM
redcap — redcap
 
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger’s CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another’s conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. 2020-11-02 not yet calculated CVE-2020-27358
MISC
MISC
MISC
relish — verve_connect_vh510_devices The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. 2020-11-04 not yet calculated CVE-2020-27691
MISC
MISC
relish — verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware. 2020-11-04 not yet calculated CVE-2020-27692
MISC
MISC
relish — verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. 2020-11-04 not yet calculated CVE-2020-27689
MISC
MISC
relish — verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. 2020-11-04 not yet calculated CVE-2020-27690
MISC
MISC
rvtools — rvtools
 
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances. 2020-11-05 not yet calculated CVE-2020-27688
MISC
MISC
saltstack — salt
 
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. 2020-11-06 not yet calculated CVE-2020-25592
SUSE
MISC
FEDORA
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. 2020-11-06 not yet calculated CVE-2020-16846
SUSE
MISC
FEDORA
CONFIRM
saltstack — salt
 
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. 2020-11-06 not yet calculated CVE-2020-17490
SUSE
MISC
FEDORA
CONFIRM
servicestack — servicestack
 
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. 2020-11-02 not yet calculated CVE-2020-28042
MISC
MISC
MISC
MISC
shun_hu_technology — juuko_k-800
 
JUUKO K-800 (Firmware versions prior to numbers ending …9A, …9B, …9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running. 2020-11-02 not yet calculated CVE-2018-17932
MISC
shun_hu_technology — juuko_k-800
 
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending …9A, …9B, …9C, etc.). 2020-11-02 not yet calculated CVE-2018-19025
MISC
silver_peak — unity_orchestrator
 
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the /debugFiles REST API. 2020-11-05 not yet calculated CVE-2020-12146
MISC
silver_peak — unity_orchestrator
 
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. 2020-11-05 not yet calculated CVE-2020-12147
MISC
silver_peak — unity_orchestrator
 
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ use HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers, on-premise or in a public cloud provider, are affected by this vulnerability. 2020-11-05 not yet calculated CVE-2020-12145
MISC
sonarqube — sonarqube
 
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint. 2020-11-02 not yet calculated CVE-2020-28002
MISC
studyplus — studyplus_app
 
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, the API key for an external service may be obtained by analyzing data in the app. 2020-11-06 not yet calculated CVE-2020-5667
MISC
suitecrm — suitecrm
 
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. 2020-11-06 not yet calculated CVE-2020-28328
MISC
MISC
synk — absolunet/kafe
 
This affects the package @absolunet/kafe before 3.2.10. It allows an attacker to cause a denial of service when validating crafted invalid emails. 2020-11-05 not yet calculated CVE-2020-7761
MISC
MISC
synk — browerless-chrome
 
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. 2020-11-02 not yet calculated CVE-2020-7758
MISC
MISC
MISC
synk — codemirror
 
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* 2020-10-30 not yet calculated CVE-2020-7760
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
synk — droppy
 
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server. 2020-11-02 not yet calculated CVE-2020-7757
MISC
MISC
synk — jsreport-chrome-pdf
 
This affects the package jsreport-chrome-pdf before 1.10.0. 2020-11-05 not yet calculated CVE-2020-7762
MISC
MISC
synk — phantom-html-to-pdf
 
This affects the package phantom-html-to-pdf before 0.6.1. 2020-11-05 not yet calculated CVE-2020-7763
MISC
MISC
synopsys — blackduck
 
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 – 0.0.52 does not validate SSL certificates in certain cases. 2020-11-06 not yet calculated CVE-2020-27589
MISC
MISC
MISC
MISC
tcpdump — tcpdump
 
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. 2020-11-04 not yet calculated CVE-2020-8037
MISC
tcpdump — tcpdump
 
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. 2020-11-04 not yet calculated CVE-2020-8036
MISC
teler — teler
 
In teler before version 0.0.1, if you run teler inside a Docker container and the `errors.Exit` function is reached, it causes a denial of service (`SIGSEGV`) because teler does not correctly obtain its own process ID and process group ID in order to kill them. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1. 2020-11-06 not yet calculated CVE-2020-26213
MISC
CONFIRM
telerik — fiddler
 
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. 2020-11-05 not yet calculated CVE-2020-13661
MISC
MISC
MISC
tmux — tmux
 
The function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. 2020-11-06 not yet calculated CVE-2020-27347
MISC
MISC
ubiquiti — unifi_protect_controller
 
A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was fixed in UniFi Protect v1.14.11 and newer. This issue does not impact UniFi Cloud Key Gen 2 plus. This issue does not impact UDM-Pro customers with UniFi Protect stopped. Affected Products: UDM-Pro firmware 1.7.2 and earlier; UNVR firmware 1.3.12 and earlier. Mitigation: Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings. Alternatively, you can update UNVR firmware to 1.3.15 or newer and UDM-Pro firmware to 1.8.0 or newer. 2020-11-05 not yet calculated CVE-2020-8267
MISC
MISC
MISC
ubuntu — libvirt
 
Ubuntu’s packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. 2020-11-06 not yet calculated CVE-2020-15708
MISC
ubuntu — packagekit
 
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. 2020-11-07 not yet calculated CVE-2020-16121
CONFIRM
MISC
ubuntu — packagekit
 
PackageKit’s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. 2020-11-07 not yet calculated CVE-2020-16122
CONFIRM
ubuntu — ubuntu
 
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. 2020-10-31 not yet calculated CVE-2020-15703
CONFIRM
MISC
unix — symbolic_link
 
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. 2020-11-06 not yet calculated CVE-2020-5795
MISC
vmware — tanzu
 
Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to a user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn’t appear with LDAP because of chained authentication. 2020-10-31 not yet calculated CVE-2020-5425
CONFIRM
whatsapp — whatsapp_and_whatsapp_business
 
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. 2020-11-03 not yet calculated CVE-2020-1908
CONFIRM
wildfly — wildfly
 
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. 2020-11-02 not yet calculated CVE-2020-25689
CONFIRM
wireshark — wireshark
 
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. 2020-11-02 not yet calculated CVE-2020-28030
MISC
MISC
MISC
wondershare — dr.fone
 
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. 2020-11-02 not yet calculated CVE-2020-27992
MISC
MISC
wordpress — wordpress Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer’s profile. 2020-11-04 not yet calculated CVE-2020-22277
MISC
MISC
MISC
wordpress — wordpress
 
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. 2020-11-07 not yet calculated CVE-2020-28339
MISC
MISC
wordpress — wordpress
 
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form’s entry. 2020-11-04 not yet calculated CVE-2020-22276
MISC
MISC
MISC
wordpress — wordpress
 
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable. 2020-11-04 not yet calculated CVE-2020-22275
MISC
MISC
MISC


Original release date: November 2, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — airport_base_station_firmware An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory. 2020-10-27 7.5 CVE-2019-8581
MISC
MISC
apple — airport_base_station_firmware A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. 2020-10-27 7.5 CVE-2019-8578
MISC
MISC
apple — airport_base_station_firmware A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. 2020-10-27 7.5 CVE-2019-8572
MISC
MISC
apple — airport_base_station_firmware A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service. 2020-10-27 7.8 CVE-2019-8588
MISC
MISC
apple — icloud An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-27 7.5 CVE-2019-8746
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-27 9.3 CVE-2019-8835
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. 2020-10-27 7.5 CVE-2019-8749
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. 2020-10-27 7.5 CVE-2019-8756
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-27 9.3 CVE-2019-8844
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. 2020-10-27 7.2 CVE-2020-3864
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-27 9.3 CVE-2019-8846
MISC
MISC
MISC
MISC
MISC
MISC
apple — ipad_os A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8740
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution. 2020-10-27 9.3 CVE-2019-8830
MISC
MISC
MISC
MISC
MISC
MISC
apple — ipados A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8828
MISC
MISC
MISC
MISC
apple — ipados An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 7.2 CVE-2019-8841
MISC
apple — ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-27 9.3 CVE-2020-3880
MISC
MISC
MISC
MISC
apple — ipados A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8829
MISC
MISC
MISC
MISC
apple — ipados A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8838
MISC
MISC
MISC
MISC
apple — ipados An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-27 9.3 CVE-2020-9973
MISC
MISC
apple — ipados A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges. 2020-10-27 9.3 CVE-2019-8832
MISC
MISC
MISC
MISC
apple — ipados A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges. 2020-10-27 9.3 CVE-2019-8831
MISC
MISC
MISC
MISC
MISC
apple — ipados A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8836
MISC
MISC
MISC
apple — ipados A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8833
MISC
MISC
MISC
MISC
apple — iphone_os An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. 2020-10-27 7.8 CVE-2019-8573
MISC
MISC
MISC
apple — iphone_os A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8718
MISC
MISC
MISC
apple — iphone_os A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8709
MISC
MISC
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout. 2020-10-27 7.1 CVE-2019-8780
MISC
MISC
apple — iphone_os A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges. 2020-10-27 9.3 CVE-2019-8715
MISC
MISC
MISC
apple — iphone_os A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 7.2 CVE-2019-8528
MISC
MISC
MISC
apple — iphone_os An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A remote attacker may be able to leak memory. 2020-10-27 7.5 CVE-2019-8547
MISC
MISC
MISC
MISC
apple — iphone_os A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. 2020-10-27 7.5 CVE-2019-8531
MISC
MISC
MISC
apple — iphone_os A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. 2020-10-27 10 CVE-2019-8712
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos . 2020-10-27 7.5 CVE-2019-7288
MISC
MISC
apple — iphone_os A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 7.2 CVE-2019-8525
MISC
MISC
MISC
MISC
apple — mac_os_x A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. 2020-10-27 10 CVE-2019-8716
MISC
apple — mac_os_x A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files. 2020-10-27 9.3 CVE-2019-8837
MISC
apple — mac_os_x A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges. 2020-10-27 9.3 CVE-2019-8852
MISC