Updated CVEs from Tenable

Severity Not Scored Description Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Read more at https://www.tenable.com/cve/CVE-2020-14005

Severity Not Scored Description Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Read more at https://www.tenable.com/cve/CVE-2020-14006

Severity Not Scored Description Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Read more at https://www.tenable.com/cve/CVE-2020-14007

Severity Not Scored Description IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268. Read more at https://www.tenable.com/cve/CVE-2020-4386

Severity Not Scored Description IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269. Read more at https://www.tenable.com/cve/CVE-2020-4387

Severity Not Scored Description IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989. Read more at https://www.tenable.com/cve/CVE-2020-4414

Severity Not Scored Description IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076. Read more at https://www.tenable.com/cve/CVE-2020-4420

Severity Not Scored Description A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. Read more at https://www.tenable.com/cve/CVE-2018-6446

Severity Not Scored Description In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using “contextIsolation” are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. Read more at https://www.tenable.com/cve/CVE-2020-15096

Severity Not Scored Description In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. Read more at https://www.tenable.com/cve/CVE-2020-4075

Severity Not Scored Description In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. Read more at https://www.tenable.com/cve/CVE-2020-4076

Severity Not Scored Description In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. Read more at https://www.tenable.com/cve/CVE-2020-4077

Severity Not Scored Description An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2’s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. Read more at https://www.tenable.com/cve/CVE-2020-9395

Severity Not Scored Description net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. Read more at https://www.tenable.com/cve/CVE-2019-20892

Severity Not Scored Description A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. Read more at https://www.tenable.com/cve/CVE-2019-11932

Severity Not Scored Description The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS’ing Grafana via SegFault. Read more at https://www.tenable.com/cve/CVE-2020-13379

Severity Not Scored Description The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. Read more at https://www.tenable.com/cve/CVE-2019-3759

Severity Not Scored Description openSIS through 7.4 allows SQL Injection. Read more at https://www.tenable.com/cve/CVE-2020-13381

Severity Not Scored Description openSIS through 7.4 has Incorrect Access Control. Read more at https://www.tenable.com/cve/CVE-2020-13382

Severity Not Scored Description openSIS through 7.4 allows Directory Traversal. Read more at https://www.tenable.com/cve/CVE-2020-13383

Severity Not Scored Description The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. Read more at https://www.tenable.com/cve/CVE-2020-14980

Severity Not Scored Description The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. Read more at https://www.tenable.com/cve/CVE-2020-14981

Severity Not Scored Description Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process. Read more at https://www.tenable.com/cve/CVE-2020-9498

Severity Not Scored Description Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat’s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. Read more at https://www.tenable.com/cve/CVE-2018-14647

Severity Not Scored Description A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. Read more at https://www.tenable.com/cve/CVE-2020-10760

Severity Not Scored Description GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Read more at https://www.tenable.com/cve/CVE-2020-15011

Severity Not Scored Description Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection. Read more at https://www.tenable.com/cve/CVE-2020-9497

Severity Not Scored Description Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Read more at https://www.tenable.com/cve/CVE-2020-2208

Severity Not Scored Description Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. Read more at https://www.tenable.com/cve/CVE-2020-2205

Severity Not Scored Description ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker’s behalf and send them to the attacker. Read more at https://www.tenable.com/cve/CVE-2018-8956