US CERT: Security Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
August 10, 2020

Vulnerability Summary for the Week of August 3, 2020

Original release date: August 10, 2020


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apache -- http_server
  Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE 2020-08-07 7.5 CVE-2020-11984
MLIST
MLIST
MLIST
MLIST
MISC
GENTOO

apache -- skywalking
  **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. 2020-08-05 7.5 CVE-2020-13921
MLIST
MISC
MLIST

cisco -- data_center_network_manager
  A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. 2020-07-31 10 CVE-2020-3382
CISCO

cisco -- data_center_network_manager
  A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. 2020-07-31 9 CVE-2020-3383
CISCO

cisco -- data_center_network_manager
  A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. 2020-07-31 9 CVE-2020-3386
CISCO

cisco -- data_center_network_manager
  A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. 2020-07-31 7.5 CVE-2020-3376
CISCO

cisco -- sd-wan_vmanage_software
  A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. 2020-07-31 9 CVE-2020-3374
CISCO

cohesive_networks -- vns3:vpn_appliances
  The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. 2020-08-04 9 CVE-2020-15467
MISC
MISC

digitus -- da-70254_4-port_gigabit_network_hub_devices
  DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. 2020-08-07 8.3 CVE-2020-15063
MISC

ibm -- security_verify_access
  IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. 2020-08-04 7.5 CVE-2020-4459
XF
CONFIRM

ibm -- websphere_application_server
  IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. 2020-08-03 7.2 CVE-2020-4534
XF
CONFIRM

lindy -- 42633_4-port_usb_gigabit_network_server_device

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. 2020-08-07 8.3 CVE-2020-15059
MISC

php_factory -- multiple_products
  [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. 2020-08-04 7.5 CVE-2020-5616
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

teltonika -- trb2_r_devices
  Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. 2020-08-03 9 CVE-2020-5772
MISC

teltonika -- trb2_r_devices
  Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. 2020-08-03 9 CVE-2020-5771
MISC

tp-link -- tl-ps310u_devices
  TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. 2020-08-07 8.3 CVE-2020-15055
MISC

vmware -- kryo_codec
  Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code. 2020-07-31 7.5 CVE-2020-5413
CONFIRM

wowza -- streaming_engine
  Wowza Streaming Engine through 2019-11-28 has Insecure Permissions. 2020-08-03 7.2 CVE-2019-19455
MISC
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

acti -- nvr3
  ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. 2020-08-04 5 CVE-2020-15956
MISC
MISC
MISC

amazon -- firecracker
  In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. 2020-08-04 4.3 CVE-2020-16843
MISC

amq -- online_console
  It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2. 2020-08-03 6.8 CVE-2020-14319
MISC

apache -- http_server
  IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. 2020-08-07 4.3 CVE-2020-11985
MISC
GENTOO

apache -- http_server
  Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. 2020-08-07 4.3 CVE-2020-11993
MISC
MLIST
GENTOO

atlassian -- jira
  An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated. 2020-08-04 5.5 CVE-2020-15943
MISC
FULLDISC
MISC
MISC

bitdefender -- endpoint_security_for_mac
  Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. 2020-08-03 4.6 CVE-2020-8108
MISC

chartkick -- chartkick
  The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). 2020-08-05 4.3 CVE-2020-16254
MISC
MISC

cisco -- data_center_network_manager
  A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. 2020-07-31 6.5 CVE-2020-3462
CISCO

cisco -- data_center_network_manager
  A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. 2020-07-31 6.5 CVE-2020-3377
CISCO

cisco -- data_center_network_manager
  A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2020-07-31 4.3 CVE-2020-3460
CISCO

cisco -- data_center_network_manager
  A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system. 2020-07-31 6 CVE-2020-3384
CISCO

cisco -- data_center_network_manager
  A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. 2020-07-31 5 CVE-2020-3461
CISCO

delta_electronics -- delta_industrial_automation_cncsoft_screen_editor
  Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. 2020-08-04 4.3 CVE-2020-16201
MISC
MISC
MISC
MISC
MISC
MISC
MISC

delta_electronics -- delta_industrial_automation_cncsoft_screen_editor
  Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-04 6.8 CVE-2020-16199
MISC
MISC
MISC
MISC

delta_electronics -- delta_industrial_automation_cncsoft_screeneditor
  Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-04 6.8 CVE-2020-16203
MISC
MISC

delta_electronics -- tpeditor
  Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16219
MISC

delta_electronics -- tpeditor
  Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16225
MISC

delta_electronics -- tpeditor
  Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16221
MISC

delta_electronics -- tpeditor
  Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16227
MISC

delta_electronics -- tpeditor
  Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16223
MISC

digitus -- da-7054_4-port_gigabit_network_hub_devices
  DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. 2020-08-07 6.1 CVE-2020-15065
MISC

extreme_networks -- eac_applications
  Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. 2020-08-05 4.3 CVE-2020-13819
CONFIRM
MISC
MISC

extreme_networks -- extreme_management_center
  Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. 2020-08-03 4.3 CVE-2020-13820
MISC
MISC
MISC
MISC

fanuc -- i_series_cnc
  A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. 2020-08-03 5 CVE-2020-12739
JVN
MISC
JVN
MISC

field_test -- field_test
  The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. 2020-08-05 4.3 CVE-2020-16252
MISC
MISC

hmtalk -- daviewindy
  DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. 2020-08-04 6.8 CVE-2020-7822
MISC
MISC

hmtalk -- daviewindy
  DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. 2020-08-04 6.8 CVE-2020-7823
MISC
MISC

huawei -- fusioncomput
  Huawei FusionComput 8.0.0 has an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch a privilege escalation attack. This can compromise normal service. 2020-07-31 4.6 CVE-2020-9248
MISC

ibm -- cognos_analytics
  IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. 2020-08-03 6.4 CVE-2020-4377
XF
CONFIRM

ibm -- cognos_analytics
  IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449. 2020-08-03 4 CVE-2019-4589
XF
CONFIRM

ibm -- cognos_analytics
  IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. 2020-08-03 5 CVE-2019-4366
XF
CONFIRM

ibm -- financial_transaction_manager
  IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2020-08-03 4.3 CVE-2020-4560
XF
CONFIRM

ibm -- financial_transaction_manager
  IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. 2020-08-03 6.5 CVE-2020-4328
XF
CONFIRM

ibm -- i2_analyst_notebook
  IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319. 2020-08-03 6.9 CVE-2020-4551
XF
CONFIRM

ibm -- i2_analyst_notebook
  IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317. 2020-08-03 6.9 CVE-2020-4549
XF
CONFIRM

ibm -- i2_analyst_notebook
  IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322. 2020-08-03 6.9 CVE-2020-4554
XF
CONFIRM

ibm -- i2_analyst_notebook
  IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320. 2020-08-03 6.9 CVE-2020-4552
XF
CONFIRM

ibm -- i2_analyst_notebook
  IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318. 2020-08-03 6.9 CVE-2020-4550
XF
CONFIRM

ibm -- i2_analyst_notebook
  IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321. 2020-08-03 6.9 CVE-2020-4553
XF
CONFIRM

ibm -- jazz_foundation_and_engineering_products
  IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539. 2020-08-04 4 CVE-2020-4410
XF
CONFIRM

ibm -- security_identity_governance_and_intelligence
  IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. 2020-08-05 4.3 CVE-2020-4243
XF
CONFIRM

jeedom -- jeedom
  Jeedom through 4.0.38 allows XSS. 2020-08-05 4.3 CVE-2020-9036
MISC

kde -- ark
  In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. 2020-08-03 6.8 CVE-2020-16116
MISC
CONFIRM
CONFIRM
FEDORA
GENTOO
CONFIRM

kee_vault -- keepassrpc
  The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. 2020-08-03 6.4 CVE-2020-16271
MISC
MISC

kee_vault -- keepassrpc
  The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection. 2020-08-03 6.4 CVE-2020-16272
MISC
MISC

libx11 -- libx11
  An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. 2020-08-05 4.6 CVE-2020-14344
SUSE
SUSE
CONFIRM
MISC
MISC

limesurvey -- limesurvey
  LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. 2020-08-05 4.3 CVE-2020-16192
MISC

lindy -- 42633_4-port_usb_gigabit_network_server_devices
  Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. 2020-08-07 6.1 CVE-2020-15061
MISC

linux -- etcd
  etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. 2020-08-06 5 CVE-2020-15115
CONFIRM

linux -- etcd
  In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. 2020-08-06 4 CVE-2020-15114
CONFIRM

nlnet_labs -- routinator
  An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. 2020-08-05 5.8 CVE-2020-17366
MISC

ocportal -- ocportal
  A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. 2020-08-03 4.3 CVE-2015-9549
MISC
MISC

pghero_gem_for_ruby_on_rails -- pghero_gem_for_ruby_on_rails
  The PgHero gem through 2.6.0 for Ruby allows CSRF. 2020-08-05 5.8 CVE-2020-16253
MISC
MISC

php_factory -- calendar01_and_calendar02
  Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-08-04 6.8 CVE-2020-5615
MISC
MISC
MISC

plesk -- obsidian
  A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. 2020-08-03 4.3 CVE-2020-11583
MISC

plesk -- onyx
  A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. 2020-08-03 4.3 CVE-2020-11584
MISC

radare2 -- radare2
  radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. 2020-08-03 4.3 CVE-2020-16269
MISC

richoh -- streamline_nx_client_tool_and_streamline_nx_client
  An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. 2020-08-04 4.6 CVE-2019-20001
MISC
MISC

skysea -- client_view
  Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. 2020-08-04 4.6 CVE-2020-5617
MISC
MISC

sulu -- sulu
  In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with an error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the "Forgot Password" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1. 2020-08-05 5 CVE-2020-15132
CONFIRM

teltonika -- trb2_r_devices
  Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. 2020-08-03 6.5 CVE-2020-5773
MISC

teltonika -- trb2_r_devices
  Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. 2020-08-03 6.8 CVE-2020-5770
MISC

tgstation-server -- tgstation-server
  In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however. 2020-07-31 6.8 CVE-2020-16136
MISC
MISC

tiki -- tiki
  Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. 2020-08-03 4.3 CVE-2020-16131
MISC
MISC

tp-link -- tl-ps310u_devices
  TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. 2020-08-07 6.1 CVE-2020-15057
MISC

vmware -- gemfire
  VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution. 2020-07-31 6.5 CVE-2020-5396
CONFIRM

vmware -- tanzu_application_service
  VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. 2020-07-31 6 CVE-2020-5414
CONFIRM

wowza -- streaming_engine
  Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2). 2020-08-03 4.3 CVE-2019-19453
MISC
MISC

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

check_point -- zonealarm_anti-ransomware
  ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. 2020-08-04 1.9 CVE-2020-6012
MISC
MISC
MISC digitus -- da-70254_4-port_gigabit_network_hub_devices
  DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. 2020-08-07 3.3 CVE-2020-15062
MISC digitus -- da-70254_4-port_gigabit_network_hub_devices
  DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. 2020-08-07 2.3 CVE-2020-15064
MISC gantt-chart -- gantt-chart
  An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated. 2020-08-04 3.5 CVE-2020-15944
MISC
FULLDISC
MISC
MISC grub2 -- grub2
  There is an issue with grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. 2020-07-31 3.6 CVE-2020-14311
SUSE
SUSE
CONFIRM
UBUNTU grub2 -- grub2
  There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. 2020-07-31 3.6 CVE-2020-14310
SUSE
SUSE
CONFIRM
UBUNTU huawei -- p30_smartphones
  HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service. Affected product versions include: HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11). 2020-07-31 3.3 CVE-2020-9249
MISC ibm -- jazz_foundation_and_engineering
  IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435. 2020-08-04 3.5 CVE-2020-4525
XF
CONFIRM ibm -- jazz_foundation_and_engineering
  IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179359. 2020-08-04 3.5 CVE-2020-4396
XF
CONFIRM ibm -- jazz_foundation_and_engineering
  IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183046. 2020-08-04 3.5 CVE-2020-4542
XF
CONFIRM ibm -- spectrum_protect_plus
  IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. 2020-08-04 1.9 CVE-2020-4631
XF
CONFIRM lindy -- 42633_4-port_usb_gigabit_network_server_devices
  Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. 2020-08-07 2.3 CVE-2020-15060
MISC lindy -- 42633_4-port_usb_gigabit_network_server_devices
  Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. 2020-08-07 3.3 CVE-2020-15058
MISC linux -- etcd
  In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). 2020-08-05 3.6 CVE-2020-15113
CONFIRM mcafee -- total_protection
  Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. 2020-08-05 3.6 CVE-2020-7298
MISC october -- october_cms
  In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468). 2020-07-31 3.5 CVE-2020-15128
MISC
MISC
CONFIRM softperfect -- ram_disk
  An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. 2020-08-04 2.1 CVE-2020-13523
MISC softperfect -- ram_disk
  An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. 2020-08-04 3.6 CVE-2020-13522
MISC tp-link -- usb_network_server_tl-ps310u_devices
  TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. 2020-08-07 3.3 CVE-2020-15054
MISC tp-link -- usb_network_server_tl-ps310u_devices
  TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. 2020-08-07 2.3 CVE-2020-15056
MISC vmware -- vsphere_and_windows
  Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). 2020-08-03 2.1 CVE-2020-8575
MISC x.org_project -- xorg-server
  A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. 2020-08-05 2.1 CVE-2020-14347
CONFIRM
MISC
MISC

 

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
activesoft -- mybrowserplus
  MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. 2020-08-06 not yet calculated CVE-2020-7817
MISC
MISC advantech -- webaccess_hmi_designer
  Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. 2020-08-06 not yet calculated CVE-2020-16215
MISC advantech -- webaccess_hmi_designer
  Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. 2020-08-06 not yet calculated CVE-2020-16211
MISC advantech -- webaccess_hmi_designer
  Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. 2020-08-06 not yet calculated CVE-2020-16207
MISC advantech -- webaccess_hmi_designer
  Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. 2020-08-06 not yet calculated CVE-2020-16229
MISC advantech -- webaccess_hmi_designer
  Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. 2020-08-06 not yet calculated CVE-2020-16217
MISC advantech -- webaccess_hmi_designer
  Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. 2020-08-06 not yet calculated CVE-2020-16213
MISC aerospike -- aerospike_community_edition
  Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. 2020-08-05 not yet calculated CVE-2020-13151
MISC
MISC
MISC
MISC apache -- http_server
  Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. 2020-08-07 not yet calculated CVE-2020-9490
MISC
MLIST
GENTOO atlassian -- fisheye
  Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3. 2020-08-05 not yet calculated CVE-2017-18112
MISC avaya -- ip_office
  A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. 2020-08-07 not yet calculated CVE-2019-7005
CONFIRM canonical -- apport_package
  An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. 2020-08-06 not yet calculated CVE-2020-15701
CONFIRM
CONFIRM canonical -- apport_package
  TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. 2020-08-06 not yet calculated CVE-2020-15702
CONFIRM cayin_technology -- cayin_cms
  Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. 2020-08-06 not yet calculated CVE-2020-7357
IBM
MISC
MISC cayin_technology -- xpost
  CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. 2020-08-06 not yet calculated CVE-2020-7356
MISC
MISC easycorp -- zentao_pro
  The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system. 2020-08-06 not yet calculated CVE-2020-7361
MISC extreme_networks -- extreme_management_center
  Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. 2020-08-04 not yet calculated CVE-2020-16847
MISC
MISC freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to multiple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. 2020-08-06 not yet calculated CVE-2020-7459
MISC freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a malicious userspace program to modify control message headers after they were validated. 2020-08-06 not yet calculated CVE-2020-7460
MISC
MISC gog -- galaxy
  The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. 2020-08-06 not yet calculated CVE-2020-7352
MISC
MISC golang -- go
  Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. 2020-08-06 not yet calculated CVE-2020-16845
MISC
CONFIRM handysoft -- groupware
  hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ActiveX method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to visit a crafted web page, causing damage such as malicious code infection. 2020-08-07 not yet calculated CVE-2020-7810
MISC
MISC ibm -- urbancode_deploy
  IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848. 2020-08-05 not yet calculated CVE-2020-4481
XF
CONFIRM ivanti -- dsm_netinst
  Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. 2020-08-06 not yet calculated CVE-2020-13793
MISC
MISC ivanti -- service_manager_heat_remote_control
  Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet. 2020-08-06 not yet calculated CVE-2020-12441
MISC
MISC jetbrains -- kotlin
  In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. 2020-08-08 not yet calculated CVE-2020-15824
MISC
MISC jetbrains -- teamcity
  In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. 2020-08-08 not yet calculated CVE-2020-15829
MISC
MISC jetbrains -- teamcity
  In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. 2020-08-08 not yet calculated CVE-2020-15826
MISC
MISC jetbrains -- teamcity
  In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. 2020-08-08 not yet calculated CVE-2020-15825
MISC
MISC jetbrains -- teamcity
  JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. 2020-08-08 not yet calculated CVE-2020-15831
MISC
MISC jetbrains -- teamcity
  JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. 2020-08-08 not yet calculated CVE-2020-15830
MISC
MISC jetbrains -- teamcity
  In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. 2020-08-08 not yet calculated CVE-2020-15828
MISC
MISC jetbrains -- toolbox
  In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. 2020-08-08 not yet calculated CVE-2020-15827
MISC
MISC jetbrains -- upsource
  In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. 2020-08-08 not yet calculated CVE-2019-19704
MISC
MISC jetbrains -- youtrack
  JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. 2020-08-08 not yet calculated CVE-2020-15823
MISC
MISC jetbrains -- youtrack
  In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. 2020-08-08 not yet calculated CVE-2020-15818
MISC
MISC jetbrains -- youtrack
  In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. 2020-08-08 not yet calculated CVE-2020-15817
MISC
MISC jetbrains -- youtrack
  In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. 2020-08-08 not yet calculated CVE-2020-15821
MISC
MISC jetbrains -- youtrack
  JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. 2020-08-08 not yet calculated CVE-2020-15819
MISC
MISC jetbrains -- youtrack
  In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. 2020-08-08 not yet calculated CVE-2020-15820
MISC
MISC lilypond -- lilypond
  scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. 2020-08-05 not yet calculated CVE-2020-17353
MISC linux -- etcd
  In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality. 2020-08-06 not yet calculated CVE-2020-15136
MISC
CONFIRM linux -- etcd
  In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. 2020-08-05 not yet calculated CVE-2020-15112
CONFIRM linux -- etcd
  In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. 2020-08-05 not yet calculated CVE-2020-15106
CONFIRM mahara -- mahara
  In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. 2020-08-07 not yet calculated CVE-2020-15907
MISC
MISC micro_focus -- secure_messaging_gateway
  DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. 2020-08-07 not yet calculated CVE-2020-11852
MISC netapp -- active_iq_unified_manager_for_linux
  Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. 2020-08-03 not yet calculated CVE-2020-8574
MISC netflix -- spring_cloud
  Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. 2020-08-07 not yet calculated CVE-2020-5412
CONFIRM neztore -- save-server
  save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF attack would require you to navigate to a malicious site while you have an active session with Save-Server (Session key stored in cookies). The malicious user would then be able to perform some actions, including uploading/deleting files and adding redirects. If you are logged in as root, this attack is significantly more severe. They can in addition create, delete and update users. If they updated the password of a user, that user's files would then be available. If the root password is updated, all files would be visible if they logged in with the new password. Note that due to the same origin policy malicious actors cannot view the gallery or the response of any of the methods, nor be sure they succeeded. This issue has been patched in version 1.0.7. 2020-08-04 not yet calculated CVE-2020-15135
CONFIRM
MISC
MISC passmark -- burnintest_and_osforensics_and_performance_test
  An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. 2020-08-07 not yet calculated CVE-2020-15479
MISC
MISC
MISC
MISC passmark -- burnintest_and_osforensics_and_performancetest
  An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. 2020-08-07 not yet calculated CVE-2020-15480
MISC
MISC
MISC
MISC prism -- prism
  Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. 2020-08-07 not yet calculated CVE-2020-15138
MISC
CONFIRM
MISC project_contour -- contour
  In Contour (Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flipping the readiness endpoint to false, which removes Envoy from the routing pool. When running Envoy (For example on the host network, pod spec hostNetwork=true), the shutdown manager's endpoint is accessible to anyone on the network that can reach the Kubernetes node that's running Envoy. There is no authentication in place that prevents a rogue actor on the network from shutting down Envoy via the shutdown manager endpoint. Successful exploitation of this issue will lead to bad actors shutting down all instances of Envoy, essentially killing the entire ingress data plane. This is fixed in version 1.7.0. 2020-08-05 not yet calculated CVE-2020-15127
MISC
CONFIRM quadra_informatique -- atos-magento
  The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. 2020-08-05 not yet calculated CVE-2020-13404
MISC
MISC
MISC securenvoy -- securmail
  SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. 2020-08-07 not yet calculated CVE-2020-13376
MISC
MISC solidus -- solidus
  In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section. 2020-08-04 not yet calculated CVE-2020-15109
MISC
CONFIRM sophos -- xg_firewall
  Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. 2020-08-07 not yet calculated CVE-2020-17352
MISC
MISC suse -- multiple_products
  An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. 2020-08-07 not yet calculated CVE-2020-8025
CONFIRM suse -- multiple_products
  An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. 2020-08-07 not yet calculated CVE-2020-8026
CONFIRM swisscom -- multiple_products
  An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (user-configurable) credentials for the local Web interface or physical access to a device's plus or reset button, an attacker can create a user with elevated privileges on the Sysbus-API. This can then be used to modify local or remote SSH access, thus allowing a login session as the superuser. 2020-08-04 not yet calculated CVE-2020-16134
MISC
MISC temi -- launcher_os
  Temi Launcher OS 11969 through 13146 has Missing Authentication for a Critical Function. 2020-08-07 not yet calculated CVE-2020-16167
MISC
MISC temi -- multiple_devices
  Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error. 2020-08-07 not yet calculated CVE-2020-16168
MISC
MISC

temi -- robox_os
Temi Robox OS 117.21 through 119.24 allows Authentication Bypass via an Alternate Path or Channel. 2020-08-07 not yet calculated CVE-2020-16169
MISC
MISC

trend_micro -- multiple_products
  An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. 2020-08-05 not yet calculated CVE-2020-8607
N/A
N/A
N/A
N/A

usvn -- user-friendly_svn
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. 2020-08-05 not yet calculated CVE-2020-17364
MISC
MISC

whoopsie_project -- whoopsie
  In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1. 2020-08-06 not yet calculated CVE-2020-11937
CONFIRM
CONFIRM
CONFIRM

yokogawa -- multiple_products
  CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. 2020-08-05 not yet calculated CVE-2020-5608
MISC
MISC

yokogawa -- multiple_products
  Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. 2020-08-05 not yet calculated CVE-2020-5609
MISC
MISC

zyxel -- multiple_products
  A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. 2020-08-06 not yet calculated CVE-2020-13364
MISC
MISC

zyxel -- multiple_products
  Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. 2020-08-06 not yet calculated CVE-2020-13365
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

August 3, 2020

Vulnerability Summary for the Week of July 27, 2020

Original release date: August 3, 2020


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- magento

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-29 8.5 CVE-2020-9689
CONFIRM

adobe -- magento

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-29 8.5 CVE-2020-9692
CONFIRM

adobe -- magento
  Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-29 9.3 CVE-2020-9691
CONFIRM

arris -- ruckus_wireless_unleashed
rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 7.5 CVE-2020-13917
CONFIRM

arris -- ruckus_wireless_unleashed
A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 7.5 CVE-2020-13916
CONFIRM

arris -- ruckus_wireless_unleashed
emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 7.5 CVE-2020-13919
CONFIRM

artifex_software -- ghostscript
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. 2020-07-28 7.5 CVE-2020-15900
MISC
CONFIRM
MISC
MISC
MISC

aternity -- steelcentral_aternity_agent
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins" directory and execute code contained in them. 2020-07-27 7.2 CVE-2020-15593
CONFIRM
MISC

control_web_panel -- centos_web_panel
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_disk_usage.php. When parsing the folderName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9713. 2020-07-28 10 CVE-2020-15427
N/A

control_web_panel -- centos_web_panel
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9736. 2020-07-28 10 CVE-2020-15430
N/A

control_web_panel -- centos_web_panel
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9727. 2020-07-28 7.8 CVE-2020-15624
N/A

control_web_panel -- centos_web_panel
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9712. 2020-07-28 7.8 CVE-2020-15622
N/A

control_web_panel -- centos_web_panel
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9259. 2020-07-28 10 CVE-2020-15420
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9714. 2020-07-28 10 CVE-2020-15428
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9716. 2020-07-28 10 CVE-2020-15429
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9740. 2020-07-28 10 CVE-2020-15431
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9715. 2020-07-28 10 CVE-2020-15433
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9745. 2020-07-28 10 CVE-2020-15434
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9719. 2020-07-28 10 CVE-2020-15435
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9723. 2020-07-28 7.8 CVE-2020-15619
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9717. 2020-07-28 7.8 CVE-2020-15618
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9724. 2020-07-28 10 CVE-2020-15608
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9726. 2020-07-28 10 CVE-2020-15609
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9728. 2020-07-28 10 CVE-2020-15610
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_restart parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9734. 2020-07-28 10 CVE-2020-15611
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9742. 2020-07-28 10 CVE-2020-15425
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9720. 2020-07-28 10 CVE-2020-15606
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the serverip parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9709. 2020-07-28 10 CVE-2020-15426
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9737. 2020-07-28 10 CVE-2020-15612
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9721. 2020-07-28 10 CVE-2020-15607
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9710. 2020-07-28 7.8 CVE-2020-15628
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9731. 2020-07-28 10 CVE-2020-15422
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9746. 2020-07-28 10 CVE-2020-15615
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the check_ip parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9707. 2020-07-28 10 CVE-2020-15421
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the email parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9711. 2020-07-28 7.8 CVE-2020-15621
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9729. 2020-07-28 7.8 CVE-2020-15625
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9741. 2020-07-28 7.8 CVE-2020-15620
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9730. 2020-07-28 7.8 CVE-2020-15626
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9738. 2020-07-28 7.8 CVE-2020-15627
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9708. 2020-07-28 7.8 CVE-2020-15617
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9722. 2020-07-28 10 CVE-2020-15623
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9739. 2020-07-28 10 CVE-2020-15613
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9718. 2020-07-28 10 CVE-2020-15614
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the filespace parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9743. 2020-07-28 10 CVE-2020-15432
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9735. 2020-07-28 10 CVE-2020-15424
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the dominio parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9732. 2020-07-28 10 CVE-2020-15423
N/A

control_web_panel -- centos_web_panel
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9706. 2020-07-28 7.8 CVE-2020-15616
N/A

fortinet -- fortios
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. 2020-07-24 7.5 CVE-2020-12812
MISC

gerapy -- gerapy
  This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized. 2020-07-29 7.5 CVE-2020-7698
MISC
MISC

grandstream -- ht800_series_devices
  Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. 2020-07-29 9 CVE-2020-5763
MISC
MISC

grandstream -- ht800_series_devices
  Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. 2020-07-29 7.8 CVE-2020-5761
MISC
MISC

grandstream -- ht800_series_devices
  Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. 2020-07-29 9.3 CVE-2020-5760
MISC
MISC

libssh -- libssh
  libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. 2020-07-29 7.5 CVE-2020-16135
MISC
MISC
MISC
MLIST

mida_solutions -- eframework
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. 2020-07-24 7.8 CVE-2020-15923
MISC

mida_solutions -- eframework
  Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. 2020-07-24 7.5 CVE-2020-15921
MISC

mida_solutions -- eframework
  There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. 2020-07-24 10 CVE-2020-15922
MISC

mida_solutions -- eframework
  There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. 2020-07-24 10 CVE-2020-15920
MISC mock2easy -- mock2easy
  This affects all versions of package mock2easy. A malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType); 2020-07-29 7.5 CVE-2020-7697
MISC
MISC netgear -- r6700_routers This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703. 2020-07-28 8.3 CVE-2020-15416
MISC netgear -- r6700_routers This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642. 2020-07-28 8.3 CVE-2020-10923
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647. 2020-07-28 8.3 CVE-2020-10925
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649. 2020-07-28 8.3 CVE-2020-10927
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648. 2020-07-28 8.3 CVE-2020-10926
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643. 2020-07-28 8.3 CVE-2020-10924
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768. 2020-07-28 8.3 CVE-2020-10929
MISC node.js -- node.js
  napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. 2020-07-24 10 CVE-2020-8174
MISC openbsd_project -- openbsd
  iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. 2020-07-28 7.5 CVE-2020-16088
CONFIRM
MISC
MISC
MISC openclinic_ga -- openclinic_ga OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. 2020-07-29 9 CVE-2020-14488
MISC openclinic_ga -- openclinic_ga OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands. 2020-07-29 7.5 CVE-2020-14487
MISC opendmarc -- opendmarc OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. 2020-07-27 7.5 CVE-2020-12460
MISC
MISC portland_labs -- concrete5
  Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. 2020-07-28 9 CVE-2020-11476
CONFIRM
CONFIRM
MISC
MISC pulse_secure -- pulse_connect_secure
  An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP. 2020-07-30 7.5 CVE-2020-8206
MISC qemu -- qemu
  hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. 2020-07-28 7.2 CVE-2020-15863
CONFIRM
CONFIRM
MISC
MISC qualcomm -- multiple_snapdragon_products Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-07-30 7.5 CVE-2020-3699
CONFIRM
MISC qualcomm -- multiple_snapdragon_products Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM8150, SM8250, SXR2130 2020-07-30 7.5 CVE-2020-3698
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
  Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-07-30 7.5 CVE-2020-3688
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
  Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130 2020-07-30 7.5 CVE-2020-3671
CONFIRM
MISC zoho -- manageengine_desktop_central
  An issue was discovered in the client side of Zoho ManageEngine Desktop Central before 10.0.533. An attacker-controlled server can trigger an integer overflow via a crafted header value. 2020-07-29 7.5 CVE-2020-15588
CONFIRM

Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
arris -- ruckus_wireless_unleashed
  webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 5 CVE-2020-13914
CONFIRM arris -- ruckus_wireless_unleashed
  An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 4.3 CVE-2020-13913
CONFIRM arris -- ruckus_wireless_unleashed
  Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 5 CVE-2020-13918
CONFIRM arris -- ruckus_wireless_unleashed
  Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. 2020-07-28 6.4 CVE-2020-13915
CONFIRM cherokee -- cherokee
  Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest. 2020-07-27 5 CVE-2020-12845
MISC
MISC
MISC citrix -- workspace
  Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. 2020-07-24 6 CVE-2020-8207
MISC elastic -- kibana
  Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. 2020-07-27 4.3 CVE-2020-7016
N/A
N/A fast-http -- fast-http
  This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 5 CVE-2020-7687
MISC freediameter -- freediameter
  An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. 2020-07-28 5 CVE-2020-6098
MISC gambio -- gx
  Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. 2020-07-28 6.8 CVE-2020-10984
MISC
MISC gambio -- gx
  Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. 2020-07-28 4 CVE-2020-10982
MISC
MISC gambio -- gx
  Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. 2020-07-28 4 CVE-2020-10983
MISC
MISC gnome -- balsa
  In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. 2020-07-29 5 CVE-2020-16118
MISC
MISC gnome -- evolution-data-server
  In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. 2020-07-29 5 CVE-2020-16117
MISC
MISC
MISC
MLIST grafana -- grafana
  Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. 2020-07-27 4.3 CVE-2020-11110
MISC grandstream -- ht800_firmware
  Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. 2020-07-29 5 CVE-2020-5762
MISC
MISC grundfos -- cim
  Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. 2020-07-27 5 CVE-2020-10609
CONFIRM hmtalk -- daviewindy
  DaviewIndy 8.98.4 and earlier versions contain a heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. 2020-07-30 6.8 CVE-2020-7828
MISC hmtalk -- daviewindy
  DaviewIndy 8.98.7 and earlier versions contain a use-after-free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. 2020-07-30 6.8 CVE-2020-7827
MISC hmtalk -- daviewindy
  DaviewIndy 8.98.4 and earlier versions contain a heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. 2020-07-30 6.8 CVE-2020-7829
MISC huawei -- p30_smartphones
  HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that accesses a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the device. Successful exploit may cause information disclosure. 2020-07-27 4.3 CVE-2020-9077
MISC i_hate_money -- i_hate_money
  In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack, because it is trivial to become authenticated. This is fixed in version 4.1.5. 2020-07-27 4 CVE-2020-15120
MISC
CONFIRM ibm -- maximo_asset_management
  IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. 2020-07-29 6.4 CVE-2020-4463
XF
CONFIRM ibm -- mq_appliance
  IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. 2020-07-28 4 CVE-2020-4465
XF
CONFIRM ibm -- mq_appliance
  IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. 2020-07-28 5 CVE-2020-4375
XF
CONFIRM ibm -- planning_analytics
  IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716. 2020-07-29 5.8 CVE-2020-4644
XF
CONFIRM ibm -- tivoli_key_lifecycle_manager
  IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. 2020-07-29 5 CVE-2020-4573
XF
CONFIRM ibm -- tivoli_key_lifecycle_manager
  IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156. 2020-07-29 5 CVE-2020-4567
XF
CONFIRM ibm -- tivoli_key_lifecycle_manager
  IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179. 2020-07-29 5 CVE-2020-4572
XF
CONFIRM ibm -- tivoli_key_lifecycle_manager
  IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. 2020-07-29 5 CVE-2020-4574
XF
CONFIRM ibm -- tivoli_key_lifecycle_manager
  IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158. 2020-07-29 6.4 CVE-2020-4569
XF
CONFIRM ibm -- verify_gateway
  IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. 2020-07-27 4 CVE-2020-4405
XF
CONFIRM jpeg-js -- jpeg-js
  Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image. 2020-07-24 4.3 CVE-2020-8175
MISC kde -- kmail
  KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. 2020-07-27 4.3 CVE-2020-15954
MISC
MLIST konawiki -- konawiki
  Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. 2020-07-29 4.3 CVE-2020-5613
MISC
MISC konawiki -- konawiki
  Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. 2020-07-29 4.3 CVE-2020-5612
MISC
MISC konawiki -- konawiki
  Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. 2020-07-29 5 CVE-2020-5614
MISC
MISC kubernetes -- kubernetes
  The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. 2020-07-27 5.8 CVE-2020-8558
CONFIRM
MLIST lenovo -- drivers_management
  An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. 2020-07-24 6.9 CVE-2020-8326
CONFIRM lenovo -- drivers_management
  A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. 2020-07-24 6.9 CVE-2020-8317
CONFIRM libetpan -- mailcore
  LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." 2020-07-27 5.8 CVE-2020-15953
MISC
GENTOO lua -- lua
  Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. 2020-07-24 5 CVE-2020-15945
MISC
MISC marked-tree -- marked-tree
  This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 5 CVE-2020-7682
MISC marscode -- marscode
  This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 5 CVE-2020-7681
MISC microsoft -- windows_codecs_library A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457. 2020-07-27 6.8 CVE-2020-1425
MISC microsoft -- windows_codecs_library
  A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425. 2020-07-27 6.8 CVE-2020-1457
MISC mida -- eframework
  There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. 2020-07-24 5 CVE-2020-15924
MISC mida -- eframework
  A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. 2020-07-24 4.3 CVE-2020-15919
MISC ncp -- secure_enterprise_client
  NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. 2020-07-28 4.6 CVE-2020-11474
MISC
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767. 2020-07-28 4.6 CVE-2020-10928
MISC netgear -- r6700_routers
  This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756. 2020-07-28 5.8 CVE-2020-15417
MISC openbsd -- openssh
  scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." 2020-07-24 6.8 CVE-2020-15778
MISC
CONFIRM
MISC openclinic_ga -- openclinic_ga
  OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files. 2020-07-29 6.5 CVE-2020-14490
MISC openclinic_ga -- openclinic_ga
  A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands. 2020-07-29 6.5 CVE-2020-14493
MISC openclinic_ga -- openclinic_ga
  OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. 2020-07-29 5 CVE-2020-14489
MISC openclinic_ga -- openclinic_ga
  OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. 2020-07-29 4.3 CVE-2020-14492
MISC openclinic_ga -- openclinic_ga
  An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands. 2020-07-29 6.5 CVE-2020-14486
MISC oracle -- mysql
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-07-24 4 CVE-2020-14725
CONFIRM
MISC parallels -- remote_application_server
  Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm. 2020-07-24 6.5 CVE-2020-15860
MISC
MISC pulse_secure -- pulse_connect_secure
  A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. 2020-07-30 4.3 CVE-2020-8204
MISC pulse_secure -- pulse_connect_secure
  An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed authenticated end-users to find meeting details, if they know the Meeting ID. 2020-07-30 4 CVE-2020-8216
MISC pulse_secure -- pulse_connect_secure
  An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. 2020-07-28 5.8 CVE-2020-15408
MISC
CONFIRM pulse_secure -- pulse_connect_secure
  A code injection vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker to craft a URI to perform an arbitrary code execution via the admin web interface. 2020-07-30 6.5 CVE-2020-8218
MISC qualcomm -- multiple_snapdragon_products
  Memory corruption can occur in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 2020-07-30 4.6 CVE-2019-14130
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
  Close and bind operations done on a socket can lead to a Use-After-Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCN7606, QCS605, SC8180X, SDA660, SDA845, SDM439, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130 2020-07-30 4.6 CVE-2019-14037
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
  Register write via debugfs is disabled by default to prevent register writing via debugfs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55, SM8150 2020-07-30 4.6 CVE-2019-14100
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
  Possible buffer overflow and over-read due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 2020-07-30 4.6 CVE-2019-14123
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
  Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-07-30 4.6 CVE-2019-14099
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
A use-after-free issue occurs when a kernel thread unregisters a listener, because the listener client's private data has already been freed, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130 2020-07-30 4.6 CVE-2019-10580
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 2020-07-30 4.6 CVE-2019-14124
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
Array out of bound access can occur in display module due to lack of bound check on input parcel received in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCM2150, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM636, SDM660, SDX20 2020-07-30 4.6 CVE-2019-14093
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130 2020-07-30 4.6 CVE-2020-3701
CONFIRM
MISC qualcomm -- multiple_snapdragon_products
Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130 2020-07-30 5 CVE-2020-3700
CONFIRM
MISC rconfig -- rconfig
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter. 2020-07-28 6.5 CVE-2020-15715
MISC
MISC rconfig -- rconfig
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. 2020-07-28 6.5 CVE-2020-15714
MISC
MISC rconfig -- rconfig
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. 2020-07-28 6.5 CVE-2020-15713
MISC
MISC rconfig -- rconfig
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system. 2020-07-28 4 CVE-2020-15712
MISC
MISC rollup-plugin-server -- rollup-plugin-server
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function. 2020-07-25 5 CVE-2020-7686
MISC rollup-plugin-server -- rollup-plugin-server
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. 2020-07-25 5 CVE-2020-7683
MISC shopware -- shopware
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server. 2020-07-28 6.5 CVE-2020-13970
CONFIRM
CONFIRM shopware -- shopware
In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. 2020-07-28 5 CVE-2020-13997
CONFIRM
CONFIRM steelcentral -- aternity_agent
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins" directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the ".\plugins" string, a directory traversal vulnerability exists in the way plugins are resolved. 2020-07-27 5 CVE-2020-15592
CONFIRM
MISC typo3 -- kitodo_presentation
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS. 2020-07-29 4.3 CVE-2020-16095
MISC
CONFIRM umbracoforms -- umbracoforms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. 2020-07-28 5 CVE-2020-7685
CONFIRM uvicorn -- uvicorn
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. 2020-07-27 5 CVE-2020-7695
MISC
MISC wildfly -- enterprise_java_beans_client
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and cause services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable. 2020-07-24 4 CVE-2020-14297
CONFIRM wildfly -- enterprise_java_beans_client
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. 2020-07-24 4 CVE-2020-14307
CONFIRM wordpress -- wordpress
Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-07-27 6.8 CVE-2020-5611
MISC
MISC

Low Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. 2020-07-29 3.5 CVE-2020-9690
CONFIRM atlassian -- confluence_server_and_data_center
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. 2020-07-24 3.5 CVE-2020-14175
N/A elastic -- kibana
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. 2020-07-27 3.5 CVE-2020-7017
N/A
N/A freerdp -- freerdp
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitization in the rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto. 2020-07-27 3.5 CVE-2020-15103
MISC
MISC
CONFIRM
FEDORA
FEDORA huawei -- mate_20_smartphones
HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict a certain operation in a certain scenario; the attacker needs to perform certain configuration before the user turns on the student mode function. Successful exploit could allow the attacker to bypass the limit of the student mode function. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8). 2020-07-27 2.1 CVE-2020-9251
MISC ibm -- mq_appliance
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files. IBM X-Force ID: 182118. 2020-07-27 2.1 CVE-2020-4498
XF
CONFIRM ibm -- mq_appliance
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. 2020-07-28 2.1 CVE-2019-4731
XF
CONFIRM ibm -- multiple_products
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow, under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. 2020-07-28 3.5 CVE-2020-4319
XF
CONFIRM ibm -- multiple_products
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356. 2020-07-28 3.5 CVE-2020-4318
XF
CONFIRM ibm -- multiple_products
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355. 2020-07-28 3.5 CVE-2020-4317
XF
CONFIRM ibm -- planning_analytics_local
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717. 2020-07-29 3.5 CVE-2020-4645
XF
CONFIRM ibm -- qradar_advisor
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536. 2020-07-27 2.1 CVE-2020-4408
XF
CONFIRM mida_solutions -- eframework
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. 2020-07-24 3.5 CVE-2020-15918
MISC netgear -- r6700_routers
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618. 2020-07-28 3.3 CVE-2020-10930
MISC pulse_secure -- pulse_connect_secure
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. 2020-07-30 3.5 CVE-2020-8217
MISC pulse_secure -- pulse_policy_secure_and_pulse_connect_secure_virtual_appliance
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) 2020-07-27 2.1 CVE-2020-12880
MISC
CONFIRM qualcomm -- multiple_snapdragon_products
Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 2020-07-30 3.6 CVE-2019-14101
CONFIRM
MISC shopware -- shopware
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication. 2020-07-28 3.5 CVE-2020-13971
CONFIRM
CONFIRM usd_herolab -- gambio_gx
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. 2020-07-28 3.5 CVE-2020-10985
MISC
MISC

Severity Not Yet Assigned Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info abus -- secvest_fumo50110
The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks. 2020-07-30 not yet calculated CVE-2020-14158
MISC
FULLDISC
MISC auth0 -- auth0
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for the Authorization header is not sanitized, and in certain cases the Authorization header value can be logged, exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0's management API. 2020-07-29 not yet calculated CVE-2020-15125
MISC
MISC
CONFIRM
MISC cisco -- data_center_network_manager
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. 2020-07-31 not yet calculated CVE-2020-3382
CISCO cisco -- data_center_network_manager
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. 2020-07-31 not yet calculated CVE-2020-3377
CISCO cisco -- data_center_network_manager
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. 2020-07-31 not yet calculated CVE-2020-3386
CISCO cisco -- data_center_network_manager
A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system. 2020-07-31 not yet calculated CVE-2020-3384
CISCO cisco -- data_center_network_manager
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. 2020-07-31 not yet calculated CVE-2020-3383
CISCO cisco -- data_center_network_manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. 2020-07-31 not yet calculated CVE-2020-3462
CISCO cisco -- data_center_network_manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2020-07-31 not yet calculated CVE-2020-3460
CISCO cisco -- data_center_network_manager
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. 2020-07-31 not yet calculated CVE-2020-3376
CISCO cisco -- data_center_network_manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. 2020-07-31 not yet calculated CVE-2020-3461
CISCO cisco -- sd-wan_solution_software
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. 2020-07-31 not yet calculated CVE-2020-3375
CISCO cisco -- sd-wan_vmanage_software
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. 2020-07-31 not yet calculated CVE-2020-3374
CISCO claws_mail -- claws_mail
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. 2020-07-28 not yet calculated CVE-2020-16094
MISC decentralised_privacy-preserving_proximity_tracing -- decentralised_privacy-preserving_proximity_tracing
An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none. 2020-07-30 not yet calculated CVE-2020-15957
MISC
MISC
MISC dell -- emc_openmanage_server_administrator
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station. 2020-07-28 not yet calculated CVE-2020-5377
MISC express-fileupload -- express-fileupload
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. 2020-07-30 not yet calculated CVE-2020-7699
CONFIRM
CONFIRM fastify -- fastify
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. 2020-07-30 not yet calculated CVE-2020-8192
MISC faye-websocket -- faye-websocket
In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended. 2020-07-31 not yet calculated CVE-2020-15133
MISC
CONFIRM faye -- faye
In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory. 2020-07-31 not yet calculated CVE-2020-15134
MISC
CONFIRM flexnet -- publisher_lmadmin
An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access system files or other important files on the system. 2020-07-31 not yet calculated CVE-2020-12081
CONFIRM free_software_foundation -- gnu_grub2
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. 2020-07-29 not yet calculated CVE-2020-15705
UBUNTU
MLIST
REDHAT
CONFIRM
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
CONFIRM
SUSE
SUSE free_software_foundation -- gnu_grub2
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. 2020-07-30 not yet calculated CVE-2020-14309
MISC
CONFIRM free_software_foundation -- gnu_grub2
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. 2020-07-29 not yet calculated CVE-2020-15706
UBUNTU
MLIST
REDHAT
CONFIRM
CONFIRM
CONFIRM
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
SUSE
SUSE free_software_foundation -- gnu_grub2
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. 2020-07-31 not yet calculated CVE-2020-14311
CONFIRM free_software_foundation -- gnu_grub2
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. 2020-07-29 not yet calculated CVE-2020-15707
UBUNTU
MLIST
REDHAT
CONFIRM
CONFIRM
CONFIRM
UBUNTU
DEBIAN
DEBIAN
CONFIRM
CONFIRM
SUSE
SUSE free_software_foundation -- gnu_grub2
There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long but does not verify this before proceeding with the buffer allocation to read the value from the font value. An attacker may leverage this by crafting a malicious font file whose name has length UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, a zero-sized allocation and a subsequent heap-based buffer overflow. 2020-07-31 not yet calculated CVE-2020-14310
CONFIRM free_software_foundation -- gnu_grub2
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. 2020-07-29 not yet calculated CVE-2020-14308
MLIST
MISC
CONFIRM free_software_foundation -- gnu_grub2
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system, such as gaining physical access, obtaining the ability to alter a pxe-boot network, or having remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-07-30 not yet calculated CVE-2020-10713
MISC
CONFIRM
CERT-VN grin -- grin
&#xA0; Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. 2020-07-28 not yet calculated CVE-2020-15899
MISC
CONFIRM hashicorp -- terraform_enterprise
&#xA0; HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1. 2020-07-30 not yet calculated CVE-2020-15511
MISC
MISC hp -- intelligent_provisioning_service_pack
&#xA0; A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications. 2020-07-30 not yet calculated CVE-2020-7205
MISC huawei -- fusioncomput
Huawei FusionComput 8.0.0 has an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch a privilege escalation attack. This can compromise normal service. 2020-07-31 not yet calculated CVE-2020-9248
MISC huawei -- p30_smartphones
HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages, which leads to a memory leak. Attackers can exploit this vulnerability to cause a denial of service on the device. Affected product versions include: HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11). 2020-07-31 not yet calculated CVE-2020-9249
MISC ibm -- security_guardium
&#xA0; IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. 2020-07-30 not yet calculated CVE-2020-4186
XF
CONFIRM ibm -- security_guardium
&#xA0; IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. 2020-07-30 not yet calculated CVE-2020-4185
XF
CONFIRM inductive_automation -- ignition_8
&#xA0; The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). 2020-07-31 not yet calculated CVE-2020-14520
MISC kubernetes -- kubernetes
&#xA0; The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name. 2020-07-29 not yet calculated CVE-2020-8553
CONFIRM kubevirt -- kubevirt
&#xA0; A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-07-29 not yet calculated CVE-2020-14316
MISC linux -- linux-kernal
&#xA0; The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. 2020-07-30 not yet calculated CVE-2020-16166
MISC
MISC nagios -- log_server
&#xA0; A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. 2020-07-30 not yet calculated CVE-2020-16157
MISC
MISC
MISC nec -- multiple_pbxes

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher, can, if incorrectly configured, allow a blank username and password combination to be entered as a valid, successfully authenticating account. 2020-07-29 not yet calculated CVE-2019-20027
MISC nec -- multiple_pbxes
&#xA0; On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface. 2020-07-29 not yet calculated CVE-2019-20033
MISC nec -- multiple_pbxes
&#xA0; Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. 2020-07-29 not yet calculated CVE-2019-20028
MISC nec -- multiple_pbxes
&#xA0; An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem. 2020-07-29 not yet calculated CVE-2019-20032
MISC nec -- multiple_pbxes
&#xA0; An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. 2020-07-29 not yet calculated CVE-2019-20029
MISC nec -- multiple_systems
&#xA0; NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. 2020-07-29 not yet calculated CVE-2019-20031
MISC nec -- sv9100_pbxes
&#xA0; The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. 2020-07-29 not yet calculated CVE-2019-20026
MISC nec -- sv9100_pbxes
&#xA0; Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0. 2020-07-29 not yet calculated CVE-2019-20025
MISC nec -- um8000_systems
&#xA0; An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. 2020-07-29 not yet calculated CVE-2019-20030
MISC neronet -- voip_gateway
&#xA0; beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials. 2020-07-29 not yet calculated CVE-2017-18923
MISC
MISC nextcloud -- preferred_providers_app
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed a denial of service attack when using a very long password. 2020-07-30 not yet calculated CVE-2020-8202
MISC
MISC octobercms -- octobercms
&#xA0; In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468). 2020-07-31 not yet calculated CVE-2020-15128
MISC
MISC
CONFIRM osisoft -- pi_system
&#xA0; An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. 2020-07-27 not yet calculated CVE-2020-10643
MISC osisoft -- pi_system
&#xA0; In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display. 2020-07-25 not yet calculated CVE-2020-10614
MISC osisoft -- pi_system
&#xA0; In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. 2020-07-24 not yet calculated CVE-2020-10610
MISC osisoft -- pi_system
&#xA0; In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. 2020-07-24 not yet calculated CVE-2020-10608
MISC osisoft -- pi_system
&#xA0; In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. 2020-07-24 not yet calculated CVE-2020-10606
MISC osisoft -- pi_system
&#xA0; In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. 2020-07-25 not yet calculated CVE-2020-10604
MISC osisoft -- pi_system
&#xA0; An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions). 2020-07-24 not yet calculated CVE-2020-10600
MISC osisoft -- pi_system
&#xA0; In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. 2020-07-24 not yet calculated CVE-2020-10602
MISC pi-hole -- pi-hole
&#xA0; Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). 2020-07-30 not yet calculated CVE-2020-12620
MISC
MISC
MISC pi-hole -- pi-hole
&#xA0; An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. 2020-07-30 not yet calculated CVE-2020-14162
MISC
MISC pulse_secure -- pulse_connect_secure
&#xA0; A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. 2020-07-30 not yet calculated CVE-2020-8221
MISC pulse_secure -- pulse_connect_secure
&#xA0; A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. 2020-07-30 not yet calculated CVE-2020-8220
MISC pulse_secure -- pulse_connect_secure
&#xA0; An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. 2020-07-30 not yet calculated CVE-2020-8219
MISC pulse_secure -- pulse_connect_secure
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker to read arbitrary files through Meeting via the administrator web interface. 2020-07-30 not yet calculated CVE-2020-8222
MISC qualcomm -- qualcomm
&#xA0; Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. 2020-07-31 not yet calculated CVE-2020-3681
CONFIRM red_hat -- ansible_tower
&#xA0; A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality. 2020-07-31 not yet calculated CVE-2020-14337
MISC red_hat -- nova_libvirt
&#xA0; A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. 2020-07-31 not yet calculated CVE-2020-10731
MISC red_hat -- satellite_6
A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker gain complete control of the Satellite instance. 2020-07-31 not yet calculated CVE-2020-14334
MISC rsa -- mfa_agent
RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system. 2020-07-31 not yet calculated CVE-2020-5384
MISC seafile -- seafile-client
&#xA0; The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. 2020-07-29 not yet calculated CVE-2020-16143
MISC sick -- package_analytics
SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. 2020-07-29 not yet calculated CVE-2020-2076
MISC sick -- package_analytics
&#xA0; Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. 2020-07-29 not yet calculated CVE-2020-2078
MISC sick -- package_analytics
SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. 2020-07-29 not yet calculated CVE-2020-2077
MISC slp_validate -- slp_validate
&#xA0; In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2. 2020-07-30 not yet calculated CVE-2020-15131
MISC
CONFIRM slpjs -- slpjs
&#xA0; In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4. 2020-07-30 not yet calculated CVE-2020-15130
MISC
CONFIRM sonatype -- nexus_repository_manager_oss_pro
&#xA0; Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). 2020-07-31 not yet calculated CVE-2020-15869
MISC
CONFIRM sonatype -- nexus_repository_manager_oss_pro
&#xA0; Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). 2020-07-31 not yet calculated CVE-2020-15870
MISC
CONFIRM sonatype -- nexus_repository_manager_oss_pro
&#xA0; Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. 2020-07-31 not yet calculated CVE-2020-15871
MISC
CONFIRM springblade -- springblade
&#xA0; The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. 2020-07-30 not yet calculated CVE-2020-16165
MISC
MISC teamviewer -- teamviewer
&#xA0; TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. 2020-07-29 not yet calculated CVE-2020-13699
CONFIRM
MISC tgstation-server -- tgstation-server
&#xA0; In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however. 2020-07-31 not yet calculated CVE-2020-16136
MISC
MISC toyota -- global_techstream
&#xA0; Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors. 2020-07-30 not yet calculated CVE-2020-5610
MISC traefik -- traefik
&#xA0; In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios. 2020-07-30 not yet calculated CVE-2020-15129
MISC
MISC
MISC
MISC
MISC
CONFIRM typo3 -- typo3
&#xA0; In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6. 2020-07-29 not yet calculated CVE-2020-15099
CONFIRM
MISC typo3 -- typo3
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6. 2020-07-29 not yet calculated CVE-2020-15098
MISC
CONFIRM
MISC
MISC typo3 -- typo3
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3. 2020-07-29 not yet calculated CVE-2020-15086
MISC
MISC
CONFIRM ubuntu -- core_16_and_core_18_devices
&#xA0; cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. 2020-07-29 not yet calculated CVE-2020-11933
CONFIRM
CONFIRM ubuntu -- ubuntu
&#xA0; It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. 2020-07-29 not yet calculated CVE-2020-11934
CONFIRM
CONFIRM unifi -- protect
&#xA0; An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. 2020-07-30 not yet calculated CVE-2020-8213
MISC uvicorn -- uvicorn
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can pollute uvicorn's access logs, therefore jeopardising the integrity of such files, and use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). 2020-07-27 not yet calculated CVE-2020-7694
MISC
MISC veeam_one -- veeam_one
&#xA0; This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSRSReport class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10709. 2020-07-28 not yet calculated CVE-2020-15418
MISC
MISC veeam_one -- veeam_one
&#xA0; This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10710. 2020-07-28 not yet calculated CVE-2020-15419
MISC
MISC vmware -- gemfire
&#xA0; VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution. 2020-07-31 not yet calculated CVE-2020-5396
CONFIRM vmware -- gemfire
&#xA0; VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution. 2020-07-31 not yet calculated CVE-2019-11286
CONFIRM vmware -- kryo_codec
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive in blocking unknown "deserialization gadgets" when configuring Kryo in code. 2020-07-31 not yet calculated CVE-2020-5413
CONFIRM vmware -- tanzu_application_service
&#xA0; VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. 2020-07-31 not yet calculated CVE-2020-5414
CONFIRM