US National Cyber Awareness System Bulletins

CISA Bulletins Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

  • Vulnerability Summary for the Week of June 29, 2020
    by CISA on July 6, 2020 at 10:11 am

    Original release date: July 6, 2020 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9566CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9564CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9562CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9569CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9568CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9565CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9567CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9563CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 
2020-06-26 9.3 CVE-2020-9559CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9560CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9556CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9555CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9554CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9561CONFIRM adobe — character_animator Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9586CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9589CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9590CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 
2020-06-26 9.3 CVE-2020-9620CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9621CONFIRM adobe — illustrator Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9573CONFIRM adobe — illustrator Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9574CONFIRM adobe — illustrator Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9572CONFIRM adobe — illustrator Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 9.3 CVE-2020-9571CONFIRM adobe — illustrator Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 9.3 CVE-2020-9570CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 7.5 CVE-2020-9585CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 
2020-06-26 7.5 CVE-2020-9576CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 7.5 CVE-2020-9582CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 7.5 CVE-2020-9583CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 7.5 CVE-2020-9580CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 10 CVE-2020-9631CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 7.5 CVE-2020-9578CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. 2020-06-26 7.5 CVE-2020-9630CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 
2020-06-26 10 CVE-2020-9632CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 7.5 CVE-2020-9579CONFIRM draytek — multiple_devices On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. 2020-06-30 7.5 CVE-2020-15415MISCMISC f5 — big-ip In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. 2020-07-01 10 CVE-2020-5902MISC mk-auth — mk-auth An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php. 2020-06-29 7.5 CVE-2020-14068MISCMISC mk-auth — mk-auth An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. 2020-06-29 10 CVE-2020-14072MISCMISC mk-auth — mk-auth An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. 2020-06-29 10 CVE-2020-14070MISCMISC opensis — opensis openSIS through 7.4 allows SQL Injection. 2020-07-01 7.5 CVE-2020-13381MISCMISC opensis — opensis openSIS before 7.4 allows SQL Injection. 2020-07-01 7.5 CVE-2020-13380CONFIRMMISC prestashop — prestashop In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. 
The problem is fixed in 1.7.6.6 2020-07-02 7.5 CVE-2020-15082MISCCONFIRM prestashop — prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.7.6. 2020-07-02 10 CVE-2020-4074MISCCONFIRM sqlite — sqlite In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. 2020-06-27 7.5 CVE-2020-15358MISCMISCMISC stash — stash Stash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter. 2020-06-26 7.5 CVE-2020-15311MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. 2020-06-29 7.5 CVE-2020-15320MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. 2020-06-29 7.5 CVE-2020-15324MISCMISC Back to top Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — after_effects Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . 2020-06-26 4.3 CVE-2020-3809CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9553CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9557CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 
2020-06-26 4.3 CVE-2020-9558CONFIRM adobe — coldfusion ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. 2020-06-26 4.3 CVE-2020-3796CONFIRM adobe — coldfusion ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). 2020-06-26 4.3 CVE-2020-3767CONFIRM adobe — coldfusion ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. 2020-06-26 4.4 CVE-2020-3768CONFIRM adobe — digital_editions Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-3798CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 5 CVE-2020-9627CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9622CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9624CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 
2020-06-26 5 CVE-2020-9628CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9626CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 5 CVE-2020-9625CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9629CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 5 CVE-2020-9623CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. 2020-06-26 5 CVE-2020-9591CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. 2020-06-26 6.5 CVE-2020-9588CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure . 
2020-06-26 4.3 CVE-2020-9577CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-26 4.3 CVE-2020-9581CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. 2020-06-26 5 CVE-2020-9587CONFIRM adobe — premiere_pro Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9616CONFIRM adobe — premiere_rush Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 4.3 CVE-2020-9617CONFIRM apache — tomcat A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. 2020-06-26 5 CVE-2020-11996MLISTCONFIRMMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLIST cybozu — garoon Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. 2020-06-30 4 CVE-2020-5581MISCMISC cybozu — garoon Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. 
2020-06-30 4 CVE-2020-5588MISCMISC docker — docker_desktop com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. 2020-06-27 4.6 CVE-2020-15360MISCMISC ibm — api_connect IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. 2020-06-29 5 CVE-2020-4452XFCONFIRM ibm — maximo_asset_management IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. 2020-06-26 6.5 CVE-2019-4650XFCONFIRM ibm — security_identity_manager_virtual_appliance IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. 2020-07-01 4 CVE-2019-4705XFCONFIRM ibm — security_identity_manager_virtual_appliance IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. 2020-07-01 4 CVE-2019-4706XFCONFIRM ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. 2020-06-26 4.3 CVE-2020-4565XFCONFIRM jiangmin — jiangmin_antivirus In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. 
2020-06-26 4.9 CVE-2020-14955MISC mattermost — mattermost_mobile_app An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. 2020-06-26 5 CVE-2020-13891CONFIRM mediaarea — mediainfo In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). 2020-06-30 6.8 CVE-2020-15395MISCMISC mk-auth — mk-auth IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. 2020-07-01 4.3 CVE-2019-4704XFCONFIRM mk-auth — mk-auth An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code. 2020-06-29 4.3 CVE-2020-14071MISCMISC mk-auth — mk-auth An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php. 2020-06-29 4.6 CVE-2020-14069MISCMISC nedi_consulting — nedi NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. 2020-06-26 4.3 CVE-2020-15016MISC nedi_consulting — nedi NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. 
2020-06-26 4.3 CVE-2020-15017MISC opensis — opensis openSIS through 7.4 allows Directory Traversal. 2020-07-01 5 CVE-2020-13383MISCMISC opensis — opensis openSIS through 7.4 has Incorrect Access Control. 2020-07-01 6.4 CVE-2020-13382MISCMISC prestashop — prestashop In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6 2020-07-02 4.3 CVE-2020-15083MISCCONFIRM prestashop — prestashop In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. 2020-07-02 5 CVE-2020-15081MISCCONFIRM wordpress — wordpress The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. 2020-06-28 4.3 CVE-2020-15364MISCMISC wordpress — wordpress The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. 2020-06-28 5 CVE-2020-15363MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. 2020-06-29 4.3 CVE-2020-15319MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. 2020-06-29 4.3 CVE-2020-15314MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. 2020-06-29 4.3 CVE-2020-15313MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. 
2020-06-29 4.3 CVE-2020-15312MISCMISC Back to top Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-26 3.5 CVE-2020-9584CONFIRM adobe — magento Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. 2020-06-29 3.5 CVE-2020-13423MISCMISCMISC atlassian — jira_server_and_data_center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. 2020-07-01 3.5 CVE-2020-4024MISC avast — avast_antivirus An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. 2020-06-29 2.1 CVE-2020-13657CONFIRMCONFIRM cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. 2020-06-30 3.5 CVE-2020-5585MISCMISC cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. 2020-06-30 3.5 CVE-2020-5586MISCMISC ibm — maximo_asset_management IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. 2020-06-26 3.5 CVE-2020-4223XFCONFIRM ibm — security_identity_manager_virtual_appliance IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. 2020-07-01 2.1 CVE-2019-4676XFCONFIRM linux — linux_kernel In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. 2020-06-29 2.1 CVE-2020-15393MISCMISC openexr — openexr An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. 2020-06-26 2.1 CVE-2020-15304MISCMISCMISCMISC openexr — openexr An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. 2020-06-26 2.1 CVE-2020-15305MISCMISCMISCMISC openexr — openexr An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. 2020-06-26 2.1 CVE-2020-15306MISCMISCMISCMISC prestashop — prestashop In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.7.6. 
2020-07-02 3.5 CVE-2020-11074MISCCONFIRM Back to top Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info mitsubishi_electric — multiple_fa_engineering_software_products Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5603MISCMISC activision — call_of_duty_modern_warfare_2 An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim’s machine. 2020-06-30 not yet calculated CVE-2019-20893MISC apache — guacamole Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. 
If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process. 2020-07-02 not yet calculated CVE-2020-9498MLISTMISC apache — guacamole Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection. 2020-07-02 not yet calculated CVE-2020-9497MLISTMLISTMLISTMISC asrock — rgb_driver AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. 2020-06-29 not yet calculated CVE-2020-15368MISC atlassian — confluence_server_and_data_center Atlassian Confluence Server and Data Center before version 7.5.1 allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. 2020-07-01 not yet calculated CVE-2020-4027MISC atlassian — jira The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. 2020-07-01 not yet calculated CVE-2019-20408MISC atlassian — jira_desk_server_and_data_center The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file. 
2020-07-01 not yet calculated CVE-2020-14166MISC atlassian — jira_server_and_data_center The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. 2020-07-01 not yet calculated CVE-2020-4029MISC atlassian — jira_server_and_data_center The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. 2020-07-03 not yet calculated CVE-2020-14173MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 2020-06-29 not yet calculated CVE-2019-20413N/A atlassian — jira_server_and_data_center The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. 
2020-07-01 not yet calculated CVE-2020-4025MISC atlassian — jira_server_and_data_center The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. 2020-07-01 not yet calculated CVE-2020-14169MISC atlassian — jira_server_and_data_center The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability. 2020-07-01 not yet calculated CVE-2020-14167MISC atlassian — jira_server_and_data_center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a mixed multipart content type. 2020-07-01 not yet calculated CVE-2020-4022MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1. 2020-07-03 not yet calculated CVE-2020-14172MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate internal services via an Information Disclosure vulnerability. The vulnerability is only exploitable if WebSudo is disabled in Jira. The affected versions are before version 8.4.2. 
2020-07-02 not yet calculated CVE-2019-20417MISC atlassian — jira_server_and_data_center The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via a man-in-the-middle (MITM) vulnerability. 2020-07-01 not yet calculated CVE-2020-14168MISC atlassian — jira_server_and_data_center The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 2020-06-29 not yet calculated CVE-2019-20412MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. 2020-06-30 not yet calculated CVE-2019-20416N/A atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. 2020-07-03 not yet calculated CVE-2019-20419MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. 
2020-07-03 not yet calculated CVE-2019-20418N/A atlassian — jira_server_and_data_center Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. 2020-06-30 not yet calculated CVE-2019-20415MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 2020-06-29 not yet calculated CVE-2019-20414MISC atlassian — jira_server_and_data_center The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by pasting JavaScript code into the editor field. 2020-07-01 not yet calculated CVE-2020-14164MISC atlassian — jira_server_and_data_center The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. 2020-07-01 not yet calculated CVE-2020-14165MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 
2020-06-29 not yet calculated CVE-2019-20411MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. 2020-06-29 not yet calculated CVE-2019-20410MISC baxter — exactamix_em2400_and_em1200_devices Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. 2020-06-29 not yet calculated CVE-2020-12020MISC baxter — exactamix_em2400_and_em1200_devices Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration. 2020-06-29 not yet calculated CVE-2020-12035MISC baxter — exactamix_em2400_and_em1200_devices Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI. 2020-06-29 not yet calculated CVE-2020-12032MISC baxter — exactamix_em2400_and_em1200_devices Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. 
Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. 2020-06-29 not yet calculated CVE-2020-12024MISC baxter — exactamix_em_2400_and_em1200_devices Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. 2020-06-29 not yet calculated CVE-2020-12008MISC baxter — multiple_exactamix_devices Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. 2020-06-29 not yet calculated CVE-2020-12012MISC baxter — multiple_exactamix_devices Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. 
Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. 2020-06-29 not yet calculated CVE-2020-12016MISC baxter — multiple_sigma_spectrum_with_wireless_battery The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials. 2020-06-29 not yet calculated CVE-2020-12045MISC baxter — multiple_sigma_spectrum_with_wireless_battery The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. 2020-06-29 not yet calculated CVE-2020-12041MISC baxter — multiple_sigma_spectrum_with_wireless_battery The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. 2020-06-29 not yet calculated CVE-2020-12043MISC baxter — multiple_sigma_spectrum_with_wireless_battery The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials. 
2020-06-29 not yet calculated CVE-2020-12047MISC baxter — phoenix_hemodialysis_delivery_system Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool. 2020-06-29 not yet calculated CVE-2020-12048MISC baxter — prismaflex_devices Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. 2020-06-29 not yet calculated CVE-2020-12036MISC baxter — prismaflex_devices Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. 2020-06-29 not yet calculated CVE-2020-12037MISC baxter — sigma_spectrum_infusion_pumps_35700bax_and_35700bax2 Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v’s6.x model 35700BAX & Baxter Spectrum Infusion System v’s8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. 
2020-06-29 not yet calculated CVE-2020-12039MISC baxter — sigma_spectrum_infusion_pumps_35700bax_and_35700bax2 Sigma Spectrum Infusion System v’s6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack. 2020-06-29 not yet calculated CVE-2020-12040MISC bcrypt — bcrypt Data is truncated wrong when its length is greater than 255 bytes. 2020-07-01 not yet calculated CVE-2020-7689MISCMISCMISCMISC best_it_world — wrb303n_devices iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. 2020-06-29 not yet calculated CVE-2020-15043MISCMISC biotronik — cardiomessengerii BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure. 2020-06-29 not yet calculated CVE-2019-18248MISC biotronik — cardiomessengerii BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. 2020-06-29 not yet calculated CVE-2019-18252MISC biotronik — cardiomessengerii BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with. 
2020-06-29 not yet calculated CVE-2019-18254MISC biotronik — cardiomessengerii BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit. 2020-06-29 not yet calculated CVE-2019-18256MISC biotronik — cardiomessengerii_ BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. 2020-06-29 not yet calculated CVE-2019-18246MISC broadcom — brocade_network_advisor A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. 2020-06-29 not yet calculated CVE-2018-6446MISC cabsoftware — reportexpress_proplus Reportexpress ProPlus contains a vulnerability that could allow arbitrary code execution via VBScript inserted into the configure file (rxp). 2020-06-29 not yet calculated CVE-2019-19160MISCMISC cake_software_foundation — cakephp CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. 2020-06-30 not yet calculated CVE-2020-15400MISC cellebrite — ufed The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data. 
2020-06-30 not yet calculated CVE-2020-14474MISCMISCMISC cisco — digital_network_architecture_center A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. 2020-07-02 not yet calculated CVE-2020-3391CISCO cisco — identity_services_engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials. 2020-07-02 not yet calculated CVE-2020-3340CISCO cisco — multiple_products A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. 
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2020-07-02 not yet calculated CVE-2020-3282CISCO cisco — small_business_smart_and_managed_switches A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the hijacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user. 2020-07-02 not yet calculated CVE-2020-3297CISCO cisco — unified_customer_voice_portal A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device. 
2020-07-02 not yet calculated CVE-2020-3402CISCO commax — cdp_1020mb_wallpad A vulnerability in the firmware of COMMAX WallPad (CDP-1020MB) allows an unauthenticated adjacent attacker to execute arbitrary code because it uses an old version of MySQL. 2020-06-30 not yet calculated CVE-2019-19163MISCMISC containous — traefik Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred. 2020-07-02 not yet calculated CVE-2019-20894MISC coturn — coturn In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. 2020-06-29 not yet calculated CVE-2020-4067MISCMISCCONFIRMMLISTDEBIAN cybozu — garoon Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5587MISCMISC cybozu — garoon Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5584MISCMISC cybozu — garoon Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report’s data via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5583MISCMISC cybozu — garoon Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors. 
2020-06-30 not yet calculated CVE-2020-5582MISCMISC cybozu — garoon Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5580MISCMISC delta_electronics — delta_industrial_automation_dopsoft Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. 2020-06-30 not yet calculated CVE-2020-14482MISC donjon — ledger_live Ledger Live before 2.7.0 does not handle Bitcoin’s Replace-By-Fee (RBF). It increases the user’s balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent. 2020-07-02 not yet calculated CVE-2020-12119CONFIRM envoy — envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. 2020-07-01 not yet calculated CVE-2020-8663CONFIRMMISC envoy_proxy — envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. 2020-07-01 not yet calculated CVE-2020-12605CONFIRMMISC envoy_proxy — envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. 
2020-07-01 not yet calculated CVE-2020-12603CONFIRMMISC envoy_proxy — envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. 2020-07-01 not yet calculated CVE-2020-12604MISCCONFIRM express-jwt — express-jwt In express-jwt (NPM package) up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: – You are using express-jwt – You do not have algorithms configured in your express-jwt configuration. – You are using libraries such as jwks-rsa as the secret. You can fix this by specifying algorithms in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0. 2020-06-30 not yet calculated CVE-2020-15084MISCCONFIRM f5 — big-ip In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. 2020-07-01 not yet calculated CVE-2020-5904MISC f5 — big-ip In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. 2020-07-01 not yet calculated CVE-2020-5908MISC f5 — big-ip In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display. 
2020-07-01 not yet calculated CVE-2020-5905MISC f5 — big-ip In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. 2020-07-01 not yet calculated CVE-2020-5903MISC f5 — big-ip In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality. 2020-07-01 not yet calculated CVE-2020-5907MISC f5 — big-ip In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP. 2020-07-01 not yet calculated CVE-2020-5906MISC factorfx — ocs_inventory OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. 2020-06-30 not yet calculated CVE-2020-14947MISCMISCMISCMISC ffjpeg — ffjpeg ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. 2020-07-01 not yet calculated CVE-2020-15470MISC github — github The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1. 
2020-07-01 not yet calculated CVE-2020-5238MISCCONFIRM hcl — domino “A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher’s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.” 2020-07-01 not yet calculated CVE-2017-1712MISC hcl — inotes “HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.” 2020-07-01 not yet calculated CVE-2017-1659MISC hcl — notes HCL Notes is vulnerable to an information leakage vulnerability through its support for the ‘mailto’ protocol. This vulnerability could result in files from the user’s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected. 2020-06-26 not yet calculated CVE-2020-4089CONFIRM human_talk — daview_indy_and_dava+_and_daoffice_softwares A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice software could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device. The vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. 2020-06-30 not yet calculated CVE-2020-7816CONFIRM ibm — business_automation_workflow IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611. 
2020-06-29 not yet calculated CVE-2020-4557XFCONFIRM ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268. 2020-07-01 not yet calculated CVE-2020-4386XFCONFIRM ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989. 2020-07-01 not yet calculated CVE-2020-4414XFCONFIRM ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. IBM X-Force ID: 180076. 2020-07-01 not yet calculated CVE-2020-4420XFCONFIRM ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269. 2020-07-01 not yet calculated CVE-2020-4387XFCONFIRM ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507. 
2020-07-01 not yet calculated CVE-2020-4355XFCONFIRM ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960. 2020-07-01 not yet calculated CVE-2020-4363XFCONFIRM ibm — mq_and_mq_appliance_and_mq_for_hpe_nonstop IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081. 2020-07-01 not yet calculated CVE-2020-4376XFCONFIRM ifax_solutions — hylafax+_and_hylafax_enterprise In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. 2020-06-30 not yet calculated CVE-2020-15396MISCMISC ifax_solutions — hylafax+_and_hylafax_enterprise HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root). 2020-06-30 not yet calculated CVE-2020-15397MISCMISC iobit — malware_fighter_pro IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. 2020-06-30 not yet calculated CVE-2020-15401MISC jenkins — jenkins Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. 
2020-07-02 not yet calculated CVE-2020-2219MLISTCONFIRM jenkins — jenkins Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. 2020-07-02 not yet calculated CVE-2020-2201MLISTCONFIRM jenkins — jenkins A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. 2020-07-02 not yet calculated CVE-2020-2215MLISTCONFIRM jenkins — jenkins A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password. 2020-07-02 not yet calculated CVE-2020-2216MLISTCONFIRM jenkins — jenkins Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. 2020-07-02 not yet calculated CVE-2020-2217MLISTCONFIRM jenkins — jenkins Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. 2020-07-02 not yet calculated CVE-2020-2209MLISTCONFIRM jenkins — jenkins Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. 
2020-07-02 not yet calculated CVE-2020-2208MLISTCONFIRM jenkins — jenkins A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. 2020-07-02 not yet calculated CVE-2020-2202MLISTCONFIRM jenkins — jenkins Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. 2020-07-02 not yet calculated CVE-2020-2218MLISTCONFIRM jenkins — jenkins Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 2020-07-02 not yet calculated CVE-2020-2210MLISTCONFIRM jenkins — jenkins Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. 2020-07-02 not yet calculated CVE-2020-2205MLISTCONFIRM jenkins — jenkins Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration. 2020-07-02 not yet calculated CVE-2020-2212MLISTCONFIRM jenkins — jenkins Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 
2020-07-02 not yet calculated CVE-2020-2214MLISTCONFIRM jenkins — jenkins Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system. 2020-07-02 not yet calculated CVE-2020-2213MLISTCONFIRM jenkins — jenkins Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-07-02 not yet calculated CVE-2020-2211MLISTCONFIRM jenkins — jenkins Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. 2020-07-02 not yet calculated CVE-2020-2207MLISTCONFIRM jenkins — jenkins Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. 2020-07-02 not yet calculated CVE-2020-2206MLISTCONFIRM jenkins — jenkins A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. 2020-07-02 not yet calculated CVE-2020-2203MLISTCONFIRM jenkins — jenkins A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. 2020-07-02 not yet calculated CVE-2020-2204MLISTCONFIRM journal — journal The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. 
2020-07-01 not yet calculated CVE-2020-15478MISCMISCMISC klokan_technologies — tileserver_gl An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application’s main page, causing reflected XSS. 2020-07-01 not yet calculated CVE-2020-15500MISC koa-shopify-auth — koa-shopify-auth A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint. 2020-07-02 not yet calculated CVE-2020-8176MISCMISC lead_technologies — leadtools An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-07-01 not yet calculated CVE-2020-6089MISC libraw — libraw LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. 2020-06-28 not yet calculated CVE-2020-15365MISCMISC libraw — libraw LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. 2020-07-02 not yet calculated CVE-2020-15503MISCMISCMISC libvncserver — libvncserver It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. 2020-06-30 not yet calculated CVE-2017-18922MLISTMISCMISCMISC linkplay_technology — multiple_devices An issue was discovered on various devices via the Linkplay firmware. 
There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay’s AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled. 2020-07-01 not yet calculated CVE-2019-15310MISCMISCMISC locutus — locutus php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. 2020-07-01 not yet calculated CVE-2020-13619MISCMISCMISC magento — magento XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. 2020-06-29 not yet calculated CVE-2020-12635MISCMISC maipu — mp_1800x_50_devices The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653. 2020-06-29 not yet calculated CVE-2020-13896MISC mavlink — micro_air_vehicle_link_protocol This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic. 
2020-07-03 not yet calculated CVE-2020-10281CONFIRM mavlink — micro_air_vehicle_link_protocol The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable. 2020-07-03 not yet calculated CVE-2020-10282CONFIRM mcafee — network_security_management Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). 2020-07-03 not yet calculated CVE-2020-7284MISC mcafee — total_protection Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7281CONFIRM mcafee — total_protection Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 
2020-07-03 not yet calculated CVE-2020-7282CONFIRM mcafee — total_protection Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7283CONFIRM mirumee — saleor_storefront In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser’s local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. Versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser’s local storage) after logging into Saleor Storefront. 2020-06-30 not yet calculated CVE-2020-15085MISCMISCCONFIRM misp — misp An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form. 2020-06-30 not yet calculated CVE-2020-15412MISC misp — misp An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. 2020-06-30 not yet calculated CVE-2020-15411MISC mitsubishi_electric — multiple_fa_engineering_software_products Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 
4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5602MISCMISC monsta — monsta_ftp Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments. 2020-07-01 not yet calculated CVE-2020-14057MISCMISC monsta — monsta_ftp Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services. 2020-07-01 not yet calculated CVE-2020-14056MISCMISC monsta — monsta_ftp Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. 2020-07-01 not yet calculated CVE-2020-14055MISCMISC mversion — mversion The issue occurs because tagName user input is formatted inside the exec function and is executed without any checks. 2020-07-01 not yet calculated CVE-2020-7688MISCMISCMISC national_tax_agency — e-tax Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. 2020-06-30 not yet calculated CVE-2020-5601MISCMISC nedi_consulting — nedi NeDi 1.9C is vulnerable to Remote Command Execution. 
System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.) 2020-06-29 not yet calculated CVE-2020-14412MISC nedi_consulting — nedi NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.) 2020-06-29 not yet calculated CVE-2020-14414MISC nedi_consulting — nedi NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. 2020-06-29 not yet calculated CVE-2020-14413MISC netapp — hci_h610s_baseboard_management_controller The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 the H610S BMC account password is reset to the default documented value which allows remote attackers to cause a Denial of Service (DoS). 2020-06-29 not yet calculated CVE-2020-8573MISC nextcloud — nextcloud_deck Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks. 
2020-07-02 not yet calculated CVE-2020-8179MISCMISC nginx — nginx In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user’s password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code. 2020-07-01 not yet calculated CVE-2020-5899MISC nginx — nginx In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there are insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. 2020-07-01 not yet calculated CVE-2020-5900MISC nginx — nginx In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system. 2020-07-01 not yet calculated CVE-2020-5901MISC nginx — nginx In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. 2020-07-02 not yet calculated CVE-2020-5909MISC nginx — nginx In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. 2020-07-02 not yet calculated CVE-2020-5910MISC nginx — nginx In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems. 2020-07-02 not yet calculated CVE-2020-5911MISC nozomi_networks — guardian Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. 
2020-06-30 not yet calculated CVE-2020-15307MISC nozomi_networks — guardian_os Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. 2020-06-30 not yet calculated CVE-2020-7049MISC ntop — ndpi In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. 2020-07-01 not yet calculated CVE-2020-15476MISCMISC ntop — ndpi In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c. 2020-07-01 not yet calculated CVE-2020-15471MISC ntop — ndpi In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free. 2020-07-01 not yet calculated CVE-2020-15475MISC ntop — ndpi In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. 2020-07-01 not yet calculated CVE-2020-15474MISC ntop — ndpi In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. 2020-07-01 not yet calculated CVE-2020-15473MISC ntop — ndpi In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. 2020-07-01 not yet calculated CVE-2020-15472MISC nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). 
2020-06-30 not yet calculated CVE-2020-5968CONFIRM nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). 2020-06-30 not yet calculated CVE-2020-5970CONFIRM nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). 2020-06-30 not yet calculated CVE-2020-5969CONFIRM nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). 2020-06-30 not yet calculated CVE-2020-5972CONFIRM nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). 2020-06-30 not yet calculated CVE-2020-5971CONFIRM nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. 
This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). 2020-06-30 not yet calculated CVE-2020-5973CONFIRMUBUNTUUBUNTU oauth2_proxy — oauth2_proxy In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0. 2020-06-29 not yet calculated CVE-2020-4037MISCCONFIRM objective_development_software — little_snitch Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root. 2020-06-30 not yet calculated CVE-2020-13095MISC october — october_cms In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467. 2020-07-02 not yet calculated CVE-2020-4061MISCCONFIRMMISC openbsd — openssh The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). 2020-06-29 not yet calculated CVE-2020-14145MISCMISC openjpeg — openjpeg jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. 
2020-06-29 not yet calculated CVE-2020-15389MISCMISC palo_alto_networks — pan-os When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the ‘Validate Identity Provider Certificate’ option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access. In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). 
In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability. 2020-06-29 not yet calculated CVE-2020-2021CONFIRM persian_vip_download_script — persian_vip_download_script Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter. 2020-07-01 not yet calculated CVE-2020-15468MISC phoenix_contact — pc_worx_and_pc_worx_express mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. 2020-07-01 not yet calculated CVE-2020-12498CONFIRM phoenix_contact — pc_worx_and_pc_worx_express PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. 2020-07-01 not yet calculated CVE-2020-12497CONFIRM powerdns — recursor In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. 2020-07-01 not yet calculated CVE-2020-14196CONFIRMCONFIRM prestashop — prestashop In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. 
The problem is fixed in version 1.7.6.6. A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server. 2020-07-02 not yet calculated CVE-2020-15080MISCCONFIRM prestashop — prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6. 2020-07-02 not yet calculated CVE-2020-15079MISCCONFIRM presto — presto In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers. 2020-06-30 not yet calculated CVE-2020-15087CONFIRMMISC putty — putty PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). 2020-06-29 not yet calculated CVE-2020-14002MISCMISCMISC python — python In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. 
2020-07-04 not yet calculated CVE-2020-15523MISCMISC qemu — qemu In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. 2020-07-02 not yet calculated CVE-2020-15469CONFIRMMISC qnap — kayako_service This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions. 2020-07-01 not yet calculated CVE-2020-2500CONFIRM rack — rack A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure. 2020-07-02 not yet calculated CVE-2020-8161MISCMISC red_hat — ceph_storage_radosgw A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. 2020-06-26 not yet calculated CVE-2020-10753SUSECONFIRMFEDORA ruby_on_rails — ruby_on_rails There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. 2020-07-02 not yet calculated CVE-2020-8163MISCMISC ruby_on_rails — ruby_on_rails A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. 
2020-07-02 not yet calculated CVE-2020-8185MISCMISC ruby_on_rails — ruby_on_rails A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. 2020-07-02 not yet calculated CVE-2020-8166MISCMISC sap — solution_manager SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired. 2020-07-01 not yet calculated CVE-2020-6261MISCMISC sophos — xg_firewall Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. 2020-06-29 not yet calculated CVE-2020-15069CONFIRM squid — squid An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. 2020-06-30 not yet calculated CVE-2020-14058CONFIRMMISCMISC squid — squid An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list. 2020-06-30 not yet calculated CVE-2020-14059CONFIRMMISC squid — squid An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. 
The client sends an HTTP request with a Content-Length header containing “+”, “-” or an uncommon shell whitespace character prefix to the length field-value. 2020-06-30 not yet calculated CVE-2020-15049MISCMISCCONFIRM suse — multiple_products A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1. 2020-06-29 not yet calculated CVE-2020-8014CONFIRM suse — multiple_products A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.
2020-06-29 not yet calculated CVE-2020-8019CONFIRM suse — multiple_products A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. 
2020-06-29 not yet calculated CVE-2020-8022SUSECONFIRM suse — multiple_products A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1. 2020-06-29 not yet calculated CVE-2020-8024CONFIRM suse — multiple_products A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 . 2020-06-29 not yet calculated CVE-2019-3681CONFIRM synacor — zimbra_collaboration_suite An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user’s profile. The injected code can be reflected and executed when changing an e-mail signature. 2020-07-02 not yet calculated CVE-2020-13653MISCCONFIRMMISCMISC tendermint — tendermint TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. 
This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit. 2020-07-02 not yet calculated CVE-2020-15091MISCMISCCONFIRM thingsdk — wifi_scanner wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code. 2020-06-29 not yet calculated CVE-2020-15362MISC tibco_software — multiple_products The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.’s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. 2020-06-30 not yet calculated CVE-2020-9413CONFIRM tibco_software — multiple_products The MFT admin service component of TIBCO Software Inc.’s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. 
Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. 2020-06-30 not yet calculated CVE-2020-9414CONFIRM tobesoft — cymiinstaller322 CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. 2020-06-30 not yet calculated CVE-2019-19161MISCMISC tobesoft — nexacro14/17_excommonapiv13 Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC. 2020-07-02 not yet calculated CVE-2020-7820CONFIRMCONFIRM tobesoft — nexacro14/17_excommonapiv13 Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC. 2020-07-02 not yet calculated CVE-2020-7821CONFIRMCONFIRM unifi — protect We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below: View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
2020-07-02 not yet calculated CVE-2020-8188MISCMISCMISC veeam_software — veeam_availability_suite VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. 2020-07-03 not yet calculated CVE-2020-15518MISC wavlink — wl-wn530hg4_devices An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. 2020-07-01 not yet calculated CVE-2020-15489MISC wavlink — wl-wn530hg4_devices An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.) 2020-07-01 not yet calculated CVE-2020-15490MISC windows_cleaning_assistant — windows_cleaning_assistant In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD. 2020-06-30 not yet calculated CVE-2020-14957MISCMISC windows_cleaning_assistant — windows_cleaning_assistant In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA. 2020-06-30 not yet calculated CVE-2020-14956MISCMISC wordpress — wordpress The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. 2020-07-02 not yet calculated CVE-2020-14092MISCMISCMISC xrdp-sesman — xrdp-sesman The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. 
Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well. 2020-06-30 not yet calculated CVE-2020-4044MISCMISCCONFIRM zolo — halo_devices An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet. 2020-07-01 not yet calculated CVE-2019-15312MISCMISCMISC zolo — halo_devices An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities. 2020-07-01 not yet calculated CVE-2019-15311MISCMISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. 2020-06-29 not yet calculated CVE-2020-15315MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the [email protected] account default credentials. 2020-06-29 not yet calculated CVE-2020-15323MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. 
2020-06-29 not yet calculated CVE-2020-15318MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. 2020-06-29 not yet calculated CVE-2020-15316MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. 2020-06-29 not yet calculated CVE-2020-15317MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. 2020-06-29 not yet calculated CVE-2020-15321MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. 2020-06-29 not yet calculated CVE-2020-15322MISCMISC

  • Vulnerability Summary for the Week of June 22, 2020
    by CISA on June 29, 2020 at 10:51 am

    Original release date: June 29, 2020  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — shiro   Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. 2020-06-22 7.5 CVE-2020-11989MISC conjur — oss_helm_chart   In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker’s privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term “isolated” refers to: – No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. – Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC). 
2020-06-22 7.7 CVE-2020-4062MISCCONFIRM dmitry — deepmagic_information_gathering_tool A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff. 2020-06-19 7.5 CVE-2020-14931MISC gitlab — gitlab_community_and_enterprise_editions A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1. 2020-06-19 7.8 CVE-2020-13273CONFIRMMISC mattermost — mattermost_desktop_app An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. 2020-06-19 7.5 CVE-2016-11064CONFIRM mattermost — mattermost_desktop_app An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. 2020-06-19 7.5 CVE-2020-14456CONFIRM mattermost — mattermost_desktop_app An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. 2020-06-19 7.5 CVE-2019-20856CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. 2020-06-19 7.5 CVE-2017-18915CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. 2020-06-19 7.5 CVE-2017-18920CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. 2020-06-19 7.5 CVE-2018-21251CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.
2020-06-19 7.5 CVE-2017-18908CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. 2020-06-19 7.5 CVE-2017-18912CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user’s behalf. 2020-06-19 7.5 CVE-2017-18885CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. 2020-06-19 7.5 CVE-2017-18888CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report. 2020-06-19 7.5 CVE-2017-18900CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. 2020-06-19 7.5 CVE-2016-11074CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. 2020-06-19 7.5 CVE-2019-20881CONFIRM mergeobjects — mergeobjects   The mergeObjects utility function is susceptible to Prototype Pollution. 
2020-06-19 7.5 CVE-2020-7679MISCMISCMISC qualcomm — multiple_snapdragon_products   Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 7.5 CVE-2020-3661CONFIRMMISC qualcomm — multiple_snapdragon_products   While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130 2020-06-22 7.2 CVE-2019-14047CONFIRMMISC qualcomm — multiple_snapdragon_products   kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 7.2 CVE-2019-10597CONFIRM qualcomm — multiple_snapdragon_products   Buffer over-write may occur 
during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 7.5 CVE-2020-3663CONFIRMMISC qualcomm — multiple_snapdragon_products   Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-06-22 7.5 CVE-2020-3662CONFIRMMISC qualcomm — multiple_snapdragon_products   Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-06-22 7.5 
CVE-2020-3660CONFIRMMISC qualcomm — multiple_snapdragon_products   Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-06-22 7.5 CVE-2020-3614CONFIRMMISC qualcomm — multiple_snapdragon_products   Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-06-22 10 CVE-2019-14062CONFIRMMISC qualcomm — multiple_snapdragon_products   Copying RTCP messages into the output buffer without checking the destination buffer 
size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-06-22 7.5 CVE-2019-14073CONFIRMMISC qualcomm — multiple_snapdragon_products   Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-06-22 7.5 CVE-2019-14080CONFIRMMISC qualcomm — multiple_snapdragon_products   Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150 2020-06-22 7.2 CVE-2020-3613CONFIRMMISC qualcomm — snapdragon_consumer_iot   Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20 2020-06-22 10 CVE-2020-3628CONFIRMMISC rtslib-fb — rtslib-fb   
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. 2020-06-19 7.5 CVE-2020-14019MISC ruby_on_rails — ruby_on_rails A deserialization of untrusted data vulnerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. 2020-06-19 7.5 CVE-2020-8165MISCMISCMLIST sourcecodester — pisay_online_e-learning_system Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. 2020-06-22 7.5 CVE-2020-14972MISCMISC squirrelmail — squirrelmail compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. 2020-06-20 7.5 CVE-2020-14933MISC squirrelmail — squirrelmail compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. 2020-06-20 7.5 CVE-2020-14932MISC tendenci — tendenci Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. 2020-06-21 7.5 CVE-2020-14942MISC Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info aapanel — aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
2020-06-21 6.5 CVE-2020-14950MISC alpine — alpine Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. 2020-06-19 5 CVE-2020-14929MISCMLIST apache — archiva Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects. 2020-06-19 5 CVE-2020-9495MISCMLISTMLISTMLISTMLISTMLIST bitdefender — total_security_2020 Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. 2020-06-22 6.8 CVE-2020-8102MISC bt_ctroms — terminal_os_port_portal_ct-464 An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. 2020-06-19 4.3 CVE-2020-14930MISCMISC dolibarr — dolibarr A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
2020-06-19 4.3 CVE-2020-14475MISC ec-cube — ec-cube   Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. 2020-06-19 5.5 CVE-2020-5590MISCMISCMISC fortinet — fortideceptor   An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. 2020-06-22 6.8 CVE-2020-6644CONFIRM gitlab — gitlab_community_and_enterprise_editions   User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification 2020-06-19 5 CVE-2020-13265CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions   Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link 2020-06-19 4.3 CVE-2020-13262CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions   Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token 2020-06-19 5 CVE-2020-13264CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions   User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 2020-06-19 4 CVE-2020-13276CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions   An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 2020-06-19 4 CVE-2020-13277CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions   OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to 
use OAuth authorization code flow 2020-06-19 6.5 CVE-2020-13272CONFIRMMISCMISC gitlab — gitlab_enterprise_edition   A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 2020-06-19 5.5 CVE-2020-13275CONFIRMMISCMISC gogs — gogs   In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a “not the owner of the email” check. 2020-06-21 4 CVE-2020-14958MISCMISC ibm — security_secret_server   IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514. 2020-06-24 4.3 CVE-2020-4323XFCONFIRM ibm — security_secret_server   IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988. 2020-06-24 4.3 CVE-2020-4413XFCONFIRM ibm — security_secret_server   IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. 2020-06-24 5 CVE-2020-4327XFCONFIRM ibm — security_secret_server   IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. 2020-06-24 5 CVE-2020-4341XFCONFIRM ibm — security_secret_server   IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. 
IBM X-Force ID: 178182. 2020-06-24 5 CVE-2020-4342XFCONFIRM ibm — security_secret_server   IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. 2020-06-24 4.3 CVE-2020-4322XFCONFIRM information_builders — webfocus_business_intelligence   In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration. 2020-06-22 5.8 CVE-2020-14204MISC information_builders — webfocus_business_intelligence   WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. 2020-06-22 4.3 CVE-2020-14202MISC information_builders — webfocus_business_intelligence   WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044. 2020-06-22 6.8 CVE-2020-14203MISC mattermost — mattermost_desktop_app   An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. 2020-06-19 6.8 CVE-2019-20861CONFIRM mattermost — mattermost_desktop_app   An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. 2020-06-19 4.3 CVE-2020-14455CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. 
A System Administrator can place a SAML certificate at an arbitrary pathname. 2020-06-19 4 CVE-2017-18918CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. 2020-06-19 6.4 CVE-2016-11072CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team’s slash commands. 2020-06-19 5 CVE-2019-20862CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. 2020-06-19 4.3 CVE-2017-18881CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. 2020-06-19 4.3 CVE-2016-11082CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. 2020-06-19 4.3 CVE-2016-11083CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. 2020-06-19 4.3 CVE-2016-11079CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. 2020-06-19 4.3 CVE-2017-18882CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. 2020-06-19 4.3 CVE-2016-11073CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. 2020-06-19 4.3 CVE-2016-11071CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. 
2020-06-19 4.3 CVE-2016-11063CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. 2020-06-19 4 CVE-2019-20873CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. 2020-06-19 5 CVE-2017-18917CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. 2020-06-19 4.3 CVE-2017-18879CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post’s file ID. 2020-06-19 4 CVE-2019-20870CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. 2020-06-19 4.3 CVE-2016-11084CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. 2020-06-19 4.3 CVE-2017-18880CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. 2020-06-19 4 CVE-2018-21260CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. 2020-06-19 4.3 CVE-2017-18909CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. 
2020-06-19 4.3 CVE-2017-18892CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. 2020-06-19 4 CVE-2016-11078CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. 2020-06-19 4 CVE-2018-21253CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. 2020-06-19 4 CVE-2017-18910CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post’s appearance. 2020-06-19 4 CVE-2016-11065CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. 2020-06-19 4 CVE-2019-20879CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. 2020-06-19 4.3 CVE-2018-21249CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. 2020-06-19 5 CVE-2018-21248CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. 2020-06-19 4 CVE-2016-11081CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. 
2020-06-19 4 CVE-2016-11080CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. 2020-06-19 4 CVE-2016-11077CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. 2020-06-19 4.3 CVE-2017-18877CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. 2020-06-19 4 CVE-2019-20887CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. 2020-06-19 4 CVE-2019-20890CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. 2020-06-19 4 CVE-2017-18889CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. 2020-06-19 4.3 CVE-2017-18913CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. 2020-06-19 4 CVE-2019-20878CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header. 2020-06-19 4.3 CVE-2017-18907CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. 
2020-06-19 4.3 CVE-2017-18904CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. 2020-06-19 4.3 CVE-2017-18921CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. 2020-06-19 6.8 CVE-2019-20841CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. 2020-06-19 5 CVE-2017-18905CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. 2020-06-19 5 CVE-2017-18899CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. 2020-06-19 5 CVE-2018-21258CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. 2020-06-19 4.3 CVE-2017-18893CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel’s post loading via one crafted post. 2020-06-19 5 CVE-2019-20867CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. 2020-06-19 5 CVE-2017-18916CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. 
2020-06-19 5 CVE-2016-11075CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. 2020-06-19 5 CVE-2017-18902CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. 2020-06-19 5 CVE-2017-18901CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. 2020-06-19 5 CVE-2016-11069CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user’s account via a crafted SAML response. 2020-06-19 6.5 CVE-2018-21263CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. 2020-06-19 5 CVE-2019-20889CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang. 2020-06-19 5 CVE-2017-18898CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. 2020-06-19 6.8 CVE-2019-20865CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. 2020-06-19 5 CVE-2017-18896CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. 
2020-06-19 5 CVE-2019-20857CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. 2020-06-19 5 CVE-2017-18895CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. 2020-06-19 5 CVE-2017-18919CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. 2020-06-19 5 CVE-2017-18871CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. 2020-06-19 5 CVE-2019-20847CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. 2020-06-19 5 CVE-2019-20854CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. 2020-06-19 5 CVE-2019-20855CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. 2020-06-19 5 CVE-2016-11076CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. 2020-06-19 5 CVE-2019-20886CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. 
2020-06-19 6.4 CVE-2017-18911CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator’s e-mail address to members. 2020-06-19 5 CVE-2017-18887CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. 2020-06-19 5 CVE-2019-20868CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. 2020-06-19 5 CVE-2019-20875CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. 2020-06-19 5 CVE-2019-20882CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. 2020-06-19 5.8 CVE-2017-18897CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. 2020-06-19 5.8 CVE-2020-14454CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. 2020-06-19 5 CVE-2019-20874CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover. 2020-06-19 5.5 CVE-2017-18894CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. 
Users can deactivate themselves, bypassing a policy. 2020-06-19 5.5 CVE-2019-20876CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. 2020-06-19 5.1 CVE-2017-18903CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. 2020-06-19 5 CVE-2016-11062CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. 2020-06-19 5 CVE-2015-9548CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. 2020-06-19 5 CVE-2016-11066CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. 2020-06-19 5 CVE-2016-11068CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. 2020-06-19 5 CVE-2019-20871CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. 2020-06-19 5 CVE-2017-18914CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. 2020-06-19 5 CVE-2019-20863CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. 2020-06-19 5 CVE-2019-20859CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.15.0. 
It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. 2020-06-19 5 CVE-2019-20858CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. 2020-06-19 6.5 CVE-2017-18886CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. 2020-06-19 5 CVE-2016-11067CONFIRM mutt — mutt_and_neomutt   Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a “begin TLS” response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka “response injection.” 2020-06-21 4.3 CVE-2020-14954MISCMISCMISCMISCMISCMISCDEBIANDEBIAN octopus — deploy   In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. 
2020-06-19 4 CVE-2020-14470MISC php-fusion — php-fusion   A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, 2020-06-22 6.5 CVE-2020-14960MISCMISCMISC qualcomm — multiple_snapdragon_products   Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 4.6 CVE-2019-14094CONFIRMMISC qualcomm — multiple_snapdragon_products   Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 
6.4 CVE-2020-3658CONFIRMMISC qualcomm — multiple_snapdragon_products   Buffer overflow occurs while processing a subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 4.6 CVE-2019-14076CONFIRMMISC qualcomm — multiple_snapdragon_products   Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 2020-06-22 4.6 CVE-2019-14091CONFIRMMISC qualcomm — multiple_snapdragon_products   Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 4.6 CVE-2020-3626CONFIRMMISC qualcomm — multiple_snapdragon_products   Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in 
APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 4.6 CVE-2020-3635CONFIRMMISC qualcomm — multiple_snapdragon_products   Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 4.6 CVE-2020-3642CONFIRMMISC qualcomm — multiple_snapdragon_products   A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150 2020-06-22 4.6 CVE-2020-3665CONFIRMMISC qualcomm — multiple_snapdragon_products   Possible memory corruption in perfservice due to improper validation array length taken from user application. 
in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 4.6 CVE-2020-3676CONFIRMMISC rack — rack   A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. 2020-06-19 5 CVE-2020-8184MISCMISC red_hat — quay   A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name. 2020-06-22 4.3 CVE-2019-3865CONFIRM ruby_on_rails — ruby_on_rails   A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. 2020-06-19 4.3 CVE-2020-8167MISCMISC ruby_on_rails — ruby_on_rails   A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage’s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. 2020-06-19 5 CVE-2020-8162MISCMISC ruby_on_rails — ruby_on_rails   A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. 2020-06-19 5 CVE-2020-8164MISCMISCMLIST sophos — secure_email   The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. 
2020-06-22 4.3 CVE-2020-14980MISC strapi — strapi   Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. 2020-06-19 4 CVE-2020-13961MISCCONFIRMCONFIRM victor_cms — victor_cms   Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. 2020-06-22 4.3 CVE-2020-13427MISCMISC vinades — nukeviet   modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user’s password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed. 2020-06-23 4.3 CVE-2020-13157MISCMISC vinades — nukeviet   clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. 2020-06-23 6.8 CVE-2020-13155MISCMISC vinades — nukeviet   modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. 2020-06-23 4.3 CVE-2020-13156MISCMISC webtareas — webtereas   The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. 2020-06-22 4.3 CVE-2020-14973MISCMISC woocommerce — woocommerce   WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. 
2020-06-19 6.8 CVE-2019-20891MISCMISC wordpress — wordpress   The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. 2020-06-22 4.3 CVE-2020-13426MISCMISCMISCMISCMISCMISCMISCEXPLOIT-DB zyxel — armor_x1_wap6806_devices Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. 2020-06-22 5 CVE-2020-14461MISC

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info

cms_made_simple — cms_made_simple   CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. 2020-06-19 3.5 CVE-2020-14926MISC fortinet — fortiwlc   An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. 2020-06-22 3.5 CVE-2020-9288CONFIRM global_radar — bsa_radar   The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. 2020-06-22 3.5 CVE-2020-14943MISCMISCMISC ibm — doors_next_generation   IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408. 2020-06-19 3.5 CVE-2020-4295XFCONFIRM ibm — doors_next_generation   IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474. 2020-06-19 3.5 CVE-2020-4297XFCONFIRM ibm — doors_next_generation   IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141. 2020-06-19 3.5 CVE-2020-4281XFCONFIRM kordil — kordil_edms   Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. 2020-06-22 3.5 CVE-2020-13888MISCMISC linux_foundation — jaeger   Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file to discover the Kafka credentials. 2020-06-19 2.1 CVE-2020-10750CONFIRMCONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. 2020-06-19 2.1 CVE-2019-20872CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. 2020-06-19 3.5 CVE-2016-11070CONFIRM mcafee — advanced_threat_defense   Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. 2020-06-22 2.1 CVE-2020-7262CONFIRM naviwebs — navigate_cms   Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the “Web Sites > Create > Aliases > Add” screen. 
2020-06-19 3.5 CVE-2020-14927MISC paessler — prtg_network_monitor   XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. 2020-06-23 3.5 CVE-2020-14073MISCMISC qualcomm — multiple_snapdragon_products   Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 2020-06-22 2.1 CVE-2019-10626CONFIRM qualcomm — multiple_snapdragon_products   System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130 2020-06-22 2.1 CVE-2019-14092CONFIRMMISC vmware — tools_for_macos   VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. 
2020-06-19 2.1 CVE-2020-3972MISC wordpress — wordpress   Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. 2020-06-22 3.5 CVE-2020-14962MISC wordpress — wordpress   Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. 2020-06-22 3.5 CVE-2020-14959MISC

Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info

academy_software_foundation — openexr   An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. 2020-06-26 not yet calculated CVE-2020-15304MISCMISCMISCMISC academy_software_foundation — openexr   An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. 2020-06-26 not yet calculated CVE-2020-15305MISCMISCMISCMISC academy_software_foundation — openexr   An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. 2020-06-26 not yet calculated CVE-2020-15306MISCMISCMISCMISC adobe — acrobat_and_acrobat_reader Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 
2020-06-25 not yet calculated CVE-2020-9597CONFIRM adobe — acrobat_and_acrobat_reader Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9599CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. 2020-06-25 not yet calculated CVE-2020-9592CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. 2020-06-25 not yet calculated CVE-2020-9611CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service. 2020-06-25 not yet calculated CVE-2020-9610CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. 2020-06-25 not yet calculated CVE-2020-9613CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. 
Successful exploitation could lead to security feature bypass. 2020-06-25 not yet calculated CVE-2020-9614CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass. 2020-06-25 not yet calculated CVE-2020-9615CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9608CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9594CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9612CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. 
2020-06-25 not yet calculated CVE-2020-9598CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9595CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9609CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9602CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9607CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9600CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9601CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9593CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. 2020-06-25 not yet calculated CVE-2020-9596CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9603CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9604CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 
2020-06-25 not yet calculated CVE-2020-9605CONFIRM adobe — acrobat_and_acrobat_reader   Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9606CONFIRM adobe — after_effects Adobe After Effects versions 17.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9661CONFIRM adobe — after_effects Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9660CONFIRM adobe — after_effects Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . 2020-06-26 not yet calculated CVE-2020-3809CONFIRM adobe — after_effects Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9637CONFIRM adobe — after_effects Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9638CONFIRM adobe — after_effects Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9662CONFIRM adobe — audition Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 
2020-06-25 not yet calculated CVE-2020-9658CONFIRM adobe — audition Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9618CONFIRM adobe — audition Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9659CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9566CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9560CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9556CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9559CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9557CONFIRM adobe — bridge Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9558CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 
2020-06-26 not yet calculated CVE-2020-9562CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9565CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9564CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9563CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9561CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9553CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9554CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9555CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9568CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9569CONFIRM adobe — bridge   Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9567CONFIRM adobe — campaign_classic   Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-25 not yet calculated CVE-2020-9666CONFIRM adobe — character_animator Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9586CONFIRM adobe — coldfusion_2016_and_2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). 2020-06-26 not yet calculated CVE-2020-3767CONFIRM adobe — coldfusion_2016_and_2018   ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. 2020-06-26 not yet calculated CVE-2020-3768CONFIRM adobe — coldfusion_2016_and_2018   ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. 2020-06-26 not yet calculated CVE-2020-3796CONFIRM adobe — digital_editions Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-3798CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9626CONFIRM adobe — dng_software_development_kit Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9623CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9589CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9622CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9625CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9629CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9620CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 
2020-06-26 not yet calculated CVE-2020-9627CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9624CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9621CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9590CONFIRM adobe — dng_software_development_kit   Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9628CONFIRM adobe — illustrator Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9640CONFIRM adobe — illustrator Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9642CONFIRM adobe — illustrator Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9639CONFIRM adobe — illustrator Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 
2020-06-25 not yet calculated CVE-2020-9641CONFIRM adobe — illustrator   Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9573CONFIRM adobe — illustrator   Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9574CONFIRM adobe — illustrator   Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9575CONFIRM adobe — illustrator   Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9572CONFIRM adobe — illustrator   Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-26 not yet calculated CVE-2020-9570CONFIRM adobe — illustrator   Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9571CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9632CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 
2020-06-26 not yet calculated CVE-2020-9579CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9631CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9576CONFIRM adobe — magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9585CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-26 not yet calculated CVE-2020-9581CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure . 2020-06-26 not yet calculated CVE-2020-9577CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. 
2020-06-26 not yet calculated CVE-2020-9587CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9578CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9580CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9583CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. 2020-06-26 not yet calculated CVE-2020-9630CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-26 not yet calculated CVE-2020-9584CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. 
2020-06-26 not yet calculated CVE-2020-9588CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. 2020-06-26 not yet calculated CVE-2020-9591CONFIRM adobe — magento   Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2020-9582CONFIRM adobe — premiere_pro Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9653CONFIRM adobe — premiere_pro Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9652CONFIRM adobe — premiere_pro Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9654CONFIRM adobe — premiere_pro   Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9616CONFIRM adobe — premiere_rush Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9656CONFIRM adobe — premiere_rush Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 
2020-06-25 not yet calculated CVE-2020-9657CONFIRM adobe — premiere_rush   Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-06-26 not yet calculated CVE-2020-9617CONFIRM adobe — premiere_rush   Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-06-25 not yet calculated CVE-2020-9655CONFIRM apache — activemq_artemis   A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. 2020-06-26 not yet calculated CVE-2020-10727CONFIRMMISC apache — spark   In Apache Spark 2.4.5 and earlier, a standalone resource manager’s master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application’s resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc). 2020-06-23 not yet calculated CVE-2020-9480CONFIRM apache — tomcat   A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. 
2020-06-26 not yet calculated CVE-2020-11996CONFIRMMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLIST apache — traffic_server Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. 2020-06-24 not yet calculated CVE-2020-9494CONFIRMDEBIAN apnswift — apnswift   In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1. 2020-06-22 not yet calculated CVE-2020-4068MISCMISCMISCCONFIRM argent — recoverymanager   In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. 2020-06-25 not yet calculated CVE-2020-15302MISC artica — proxy_community_edition Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. 2020-06-22 not yet calculated CVE-2020-13158MISC artica — proxy_community_edition Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. 2020-06-22 not yet calculated CVE-2020-13159MISCMISC atlassian — jira_server_and_data_center   The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. 
2020-06-23 not yet calculated CVE-2019-20409MISC atlassian — jira_server_and_data_center   Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. 2020-06-23 not yet calculated CVE-2020-4028MISC backbox — boolebox_secure_file_sharing_utility BooleBox Secure File Sharing Utility (potentially all versions) allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. 2020-06-24 not yet calculated CVE-2020-13248MISC backbox — boolebox_secure_file_sharing_utility BooleBox Secure File Sharing Utility (potentially all versions) allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. 2020-06-24 not yet calculated CVE-2020-13247MISC beaker — beaker   The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. 2020-06-26 not yet calculated CVE-2013-7489MISCMISCMISC bitrix24 — bitrix24   The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. 2020-06-24 not yet calculated CVE-2020-13483MISC bitrix24 — bitrix24   Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing ‘<meta name=”og:image” content=”‘ followed by an intranet URL. 2020-06-24 not yet calculated CVE-2020-13484MISC blogcms — blogcms pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. 2020-06-24 not yet calculated CVE-2020-15014MISC bludit — bludit Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. 
2020-06-24 not yet calculated CVE-2020-15006MISC bludit — bludit Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. 2020-06-24 not yet calculated CVE-2020-15026MISC cae — compression_and_archive_extensions   The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading “..”. This allows an attacker to add or replace files system-wide. 2020-06-23 not yet calculated CVE-2020-7668MISC cae — compression_and_archive_extensions   The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading “..”. This allows an attacker to add or replace files system-wide. 2020-06-23 not yet calculated CVE-2020-7664MISC ceph — ceph   An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. 2020-06-22 not yet calculated CVE-2020-10736CONFIRMMISC ceph — ceph_object_gateway A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. 2020-06-26 not yet calculated CVE-2020-10753CONFIRM chocolate-doom — chocolate-doom_and_crispy_doom The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn’t validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server’s stack. 
2020-06-22 not yet calculated CVE-2020-14983MISC crypto/authenc.c — crypto/authenc.c   A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm’s module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. 2020-06-26 not yet calculated CVE-2020-10769MISCMISC dell — multiple_products   Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim’s traffic to view or modify a victim’s data in transit. 2020-06-23 not yet calculated CVE-2020-5367CONFIRM dell — multiple_products   Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. 2020-06-23 not yet calculated CVE-2020-5345CONFIRM django-basic-auth-ip-whitelist — django-basic-auth-ip-whitelist   In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. 
This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website’s server is located. Sites protected by IP address whitelisting only are unaffected by this vulnerability. This vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package. A workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings. 2020-06-24 not yet calculated CVE-2020-4071CONFIRMMISC docker — docker_desktop   com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. 2020-06-27 not yet calculated CVE-2020-15360MISCMISC draytek — multiple_devices Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. 2020-06-24 not yet calculated CVE-2020-14473CONFIRM draytek — multiple_devices DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 is affected by a remote code injection/execution vulnerability. 2020-06-24 not yet calculated CVE-2020-14472CONFIRM draytek — multiple_devices   A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. 
2020-06-23 not yet calculated CVE-2020-14993MISCMISCCONFIRM f-secure — safe An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. 2020-06-23 not yet calculated CVE-2020-14978MISCMISCMISC f-secure — safe   An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. 2020-06-23 not yet calculated CVE-2020-14977MISCMISCMISC freedroid — freedroidrpg An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. 2020-06-23 not yet calculated CVE-2020-14938MISCMISC freedroid — freedroidrpg An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game’s state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. 2020-06-23 not yet calculated CVE-2020-14939MISCMISC freerdp — freerdp In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-11096MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. 
2020-06-22 not yet calculated CVE-2020-4032MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-4033MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-11095MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-11098MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-11099MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-4031MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. 2020-06-22 not yet calculated CVE-2020-11097MISCMISCCONFIRM freerdp — freerdp   In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. 
2020-06-22 not yet calculated CVE-2020-4030MISCMISCCONFIRM generator-jhipster-kotlin — generator-jhipster-kotlin   In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0. 2020-06-25 not yet calculated CVE-2020-4072MISCCONFIRMMISCMISC gitlab — gitlab-vscode-extension   Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system 2020-06-22 not yet calculated CVE-2020-13279CONFIRMMISC gleamtech — fileultimate The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. 2020-06-24 not yet calculated CVE-2020-15015MISC global_radar — bsa_radar downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files. 2020-06-22 not yet calculated CVE-2020-14946MISCMISC global_radar — bsa_radar   A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data. 2020-06-22 not yet calculated CVE-2020-14945MISCMISC global_radar — bsa_radar   Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. 
This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. 2020-06-22 not yet calculated CVE-2020-14944MISCMISC gns3 — ubridge GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context. 2020-06-23 not yet calculated CVE-2020-14976MISCMISCMISCMISC gnu — mailman GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. 2020-06-24 not yet calculated CVE-2020-15011MISC google — cloud_platform   A vulnerability in Google Cloud Platform’s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role “roles/compute.osLogin” to escalate privileges to root. Using their membership to the “adm” group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the “adm” user from the OS Login entry. 2020-06-22 not yet calculated CVE-2020-8903MISCCONFIRMMISC google — cloud_platform   A vulnerability in Google Cloud Platform’s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role “roles/compute.osLogin” to escalate privileges to root. Using the membership to the “lxd” group, an attacker can attach host devices and filesystems. 
Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the “lxd” user from the OS Login entry. 2020-06-22 not yet calculated CVE-2020-8933MISCCONFIRMMISC google — cloud_platform   A vulnerability in Google Cloud Platform’s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role “roles/compute.osLogin” to escalate privileges to root. Using their membership to the “docker” group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the “docker” user from the OS Login entry. 2020-06-22 not yet calculated CVE-2020-8907MISCCONFIRMMISC hcl — notes HCL Notes is vulnerable to an information leakage vulnerability through its support for the ‘mailto’ protocol. This vulnerability could result in files from the user’s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected. 2020-06-26 not yet calculated CVE-2020-4089CONFIRM honeywell — controledge_plc_and_rtu ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. 2020-06-26 not yet calculated CVE-2020-10628MISC honeywell — controledge_plc_and_rtu ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. 2020-06-26 not yet calculated CVE-2020-10624MISC ibm — maximo_asset_management   IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. 
A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. 2020-06-26 not yet calculated CVE-2019-4650XFCONFIRM ibm — maximo_asset_management   IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. 2020-06-26 not yet calculated CVE-2020-4223XFCONFIRM ibm — security_guardium   IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807. 2020-06-23 not yet calculated CVE-2020-4188XFCONFIRM ibm — spectrum_protect_plus   IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. 2020-06-26 not yet calculated CVE-2020-4565XFCONFIRM id_software — id_tech_1 A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument. 2020-06-24 not yet calculated CVE-2020-15007MISCMISC idrive — idrive   IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service’s binary with a malicious one. 
2020-06-26 not yet calculated CVE-2020-15351MISCMISC iobit — advanced_systemcare_free   IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. 2020-06-22 not yet calculated CVE-2020-14990MISCMISC iobit — unlocker The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. 2020-06-23 not yet calculated CVE-2020-14974MISCMISC iobit — unlocker The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. 2020-06-23 not yet calculated CVE-2020-14975MISCMISC jiangmin — jiangmin_antivirus   In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. 2020-06-26 not yet calculated CVE-2020-14955MISC johnson_controls — exacqvision A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. 2020-06-26 not yet calculated CVE-2020-9047CONFIRMCERT jsrsasign — jsrsasign   An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending ‘\0’ bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues. 
2020-06-22 not yet calculated CVE-2020-14967MISCMISCMISCMISCMISC jsrsasign — jsrsasign   An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending ‘\0’ bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues. 2020-06-22 not yet calculated CVE-2020-14968MISCMISCMISCMISCMISC jsrsasign — jsrsasign   An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and ‘0’ characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature. 2020-06-22 not yet calculated CVE-2020-14966MISCMISCMISCMISCMISC kordil — kordil_edms documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. 2020-06-22 not yet calculated CVE-2020-13887MISCMISC limdu — limdu In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95. 2020-06-22 not yet calculated CVE-2020-4066CONFIRM mattermost — mattermost_mobile_apps   An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. 
2020-06-26 not yet calculated CVE-2020-13891CONFIRM mediawiki — mediawiki In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. 2020-06-24 not yet calculated CVE-2020-15005CONFIRMCONFIRMCONFIRMCONFIRMMISC misp — misp   app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. 2020-06-22 not yet calculated CVE-2020-14969MISC mitsubishi_electric — multiple_central_processing_units   Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. 2020-06-23 not yet calculated CVE-2020-5594MISCMISCMISC mobile_industrial_robots — mir100_and_mir200_robots   One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000. 2020-06-24 not yet calculated CVE-2020-10269CONFIRM mobile_industrial_robots — mir100_and_mir200_robots   Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it’s possible to access the Control Dashboard on a hardcoded IP address. 
Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. 2020-06-24 not yet calculated CVE-2020-10270CONFIRM mobile_industrial_robots — multiple_controllers   MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. 2020-06-24 not yet calculated CVE-2020-10279CONFIRM mobile_industrial_robots — multiple_controllers   MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data. 2020-06-24 not yet calculated CVE-2020-10273CONFIRM mobile_industrial_robots — multiple_robots The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. 
2020-06-24 not yet calculated CVE-2020-10280 CONFIRM

mobile_industrial_robots — multiple_robots There is no mechanism in place to prevent a bad operator from booting from a live OS image; this can lead to extraction of sensitive files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. 2020-06-24 not yet calculated CVE-2020-10277 CONFIRM

mobile_industrial_robots — multiple_robots The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data. 2020-06-24 not yet calculated CVE-2020-10275 CONFIRM

mobile_industrial_robots — multiple_robots The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens), though the laser scanner configuration can also be affected, further altering the safety of the device. 2020-06-24 not yet calculated CVE-2020-10276 CONFIRM

mobile_industrial_robots — multiple_robots MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports.
In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted with from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR’s operations are centered around the framework (ROS). 2020-06-24 not yet calculated CVE-2020-10271 CONFIRM

mobile_industrial_robots — multiple_robots MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at will. 2020-06-24 not yet calculated CVE-2020-10272 CONFIRM

mobile_industrial_robots — multiple_robots The BIOS onboard MiR’s Computer is not protected by a password; therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image. 2020-06-24 not yet calculated CVE-2020-10278 CONFIRM

mobile_industrial_robots — multiple_robots The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot’s database. 2020-06-24 not yet calculated CVE-2020-10274 CONFIRM

naviwebs — navigate_cms An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
2020-06-24 not yet calculated CVE-2020-14014 MISC

naviwebs — navigate_cms An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users. 2020-06-24 not yet calculated CVE-2020-14016 MISC

naviwebs — navigate_cms An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id). 2020-06-24 not yet calculated CVE-2020-14015 MISC

naviwebs — navigate_cms An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session. 2020-06-24 not yet calculated CVE-2020-14017 MISC

naviwebs — navigate_cms An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. 2020-06-24 not yet calculated CVE-2020-14018 MISC

nedi_consulting — nedi NeDi 1.9C is vulnerable to reflected cross-site scripting.
The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. 2020-06-26 not yet calculated CVE-2020-15016 MISC

nedi_consulting — nedi NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. 2020-06-26 not yet calculated CVE-2020-15017 MISC

net-snmp — net-snmp net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. 2020-06-25 not yet calculated CVE-2019-20892 MLIST MISC MISC MISC MISC

network_time_foundation — network_time_protocol ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. 2020-06-24 not yet calculated CVE-2020-15025 MISC MISC MISC

node-traceroute — node-traceroute The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. 2020-06-25 not yet calculated CVE-2018-21268 MISC MISC MISC MISC MISC MISC MISC MISC

nvidia — windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
2020-06-25 not yet calculated CVE-2020-5964 CONFIRM

nvidia — windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service. 2020-06-25 not yet calculated CVE-2020-5965 CONFIRM

nvidia — windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges. 2020-06-25 not yet calculated CVE-2020-5966 CONFIRM

nvidia — windows_gpu_display_driver NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. 2020-06-25 not yet calculated CVE-2020-5967 CONFIRM

nvidia — windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure. 2020-06-25 not yet calculated CVE-2020-5963 CONFIRM

nvidia — windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. 2020-06-24 not yet calculated CVE-2020-5962 CONFIRM

openfind — mailgates Openfind MailGates contains a Command Injection flaw. When receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
2020-06-23 not yet calculated CVE-2020-12782 CONFIRM

osisoft — pi_web_api_2019 In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. 2020-06-23 not yet calculated CVE-2020-12021 MISC

packet_tide — expressionengine ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must be able to send and compose messages (at least). 2020-06-24 not yet calculated CVE-2020-13443 MISC MISC

philips — multiple_products In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. 2020-06-26 not yet calculated CVE-2020-14477 MISC

php-fusion — php-fusion PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. 2020-06-24 not yet calculated CVE-2020-15041 MISC

pi-hole — pi-hole Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php.
These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. 2020-06-23 not yet calculated CVE-2020-14971 MISC CONFIRM CONFIRM CONFIRM

pillow — pillow Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c. 2020-06-25 not yet calculated CVE-2020-10177 MISC MISC MISC MISC MISC

pillow — pillow In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c. 2020-06-25 not yet calculated CVE-2020-10379 MISC MISC MISC MISC MISC

pillow — pillow In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. 2020-06-25 not yet calculated CVE-2020-11538 MISC MISC MISC MISC

pillow — pillow In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multiple out-of-bounds reads via a crafted JP2 file. 2020-06-25 not yet calculated CVE-2020-10994 MISC MISC MISC MISC MISC

pillow — pillow In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. 2020-06-25 not yet calculated CVE-2020-10378 MISC MISC MISC MISC MISC

playsms — playsms playSMS through 1.4.3 is vulnerable to session fixation. 2020-06-24 not yet calculated CVE-2020-15018 MISC

portland_labs — concrete5 Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. 2020-06-22 not yet calculated CVE-2020-14961 MISC MISC

rakuten — viber_for_windows Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.
2020-06-22 not yet calculated CVE-2020-14049 MISC MISC

rapid7 — metasploit_pro Cross-site Scripting (XSS) vulnerability in the ‘notes’ field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated ‘host’ field of a discovered scan asset. 2020-06-25 not yet calculated CVE-2020-7355 MISC CONFIRM

rapid7 — metasploit_pro Cross-site Scripting (XSS) vulnerability in the ‘host’ field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated ‘notes’ field of a discovered scan asset. 2020-06-25 not yet calculated CVE-2020-7354 MISC CONFIRM

red_hat — cloudforms_management_engine A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.
2020-06-22 not yet calculated CVE-2019-14894 CONFIRM

red_hat — jboss_keycloak A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious actor to craft deep links that introduce further attack scenarios on affected clients. 2020-06-22 not yet calculated CVE-2020-1727 CONFIRM

red_hat — wildfly A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. 2020-06-22 not yet calculated CVE-2020-10740 CONFIRM

rockwell_automation — factorytalk_services_platform In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. 2020-06-23 not yet calculated CVE-2020-12033 MISC

sane — backends A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. 2020-06-24 not yet calculated CVE-2020-12865 CONFIRM MISC

sane — backends An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. 2020-06-24 not yet calculated CVE-2020-12864 CONFIRM MISC

sane — backends A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
2020-06-24 not yet calculated CVE-2020-12866 CONFIRM MISC

sane — backends An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. 2020-06-24 not yet calculated CVE-2020-12863 CONFIRM MISC

sane — backends A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. 2020-06-24 not yet calculated CVE-2020-12861 CONFIRM MISC

sane — backends An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. 2020-06-24 not yet calculated CVE-2020-12862 CONFIRM MISC

sas_institute — go-rpmutils The CPIO extraction functionality doesn’t sanitize the paths of the archived files for leading and non-leading “..”, which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released. 2020-06-24 not yet calculated CVE-2020-7667 CONFIRM CONFIRM

secureauth — secureauth_idp SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. 2020-06-25 not yet calculated CVE-2020-9437 MISC MISC MISC

semtech — lora_basics_station In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e.
the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path where a piece of memory is accessed after it has been freed, causing the process to crash and be restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4. 2020-06-22 not yet calculated CVE-2020-4060 CONFIRM

semtech — loramac-node In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4. 2020-06-23 not yet calculated CVE-2020-11068 MISC CONFIRM

shenzhen_tenda_technology — pa6_wi-fi_powerline_extender Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the “homeplugd” process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. 2020-06-25 not yet calculated CVE-2019-19506 MISC

shenzhen_tenda_technology — pa6_wi-fi_powerline_extender Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the “Wireless” section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 2020-06-25 not yet calculated CVE-2019-19505 MISC

shenzhen_tenda_technology — pa6_wi-fi_powerline_extender Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system.
By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. 2020-06-25 not yet calculated CVE-2019-16213 MISC

solarwinds — orion Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. 2020-06-24 not yet calculated CVE-2020-14005 MISC

solarwinds — orion Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. 2020-06-24 not yet calculated CVE-2020-14006 MISC

solarwinds — orion Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. 2020-06-24 not yet calculated CVE-2020-14007 MISC

sqlite — sqlite In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. 2020-06-27 not yet calculated CVE-2020-15358 MISC MISC MISC

stash — stash Stash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter. 2020-06-26 not yet calculated CVE-2020-15311 MISC

supermicro — x10drh-it_motherboards The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. 2020-06-24 not yet calculated CVE-2020-15046 MISC

support_incident_tracker_project — sit! Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter.
2020-06-26 not yet calculated CVE-2020-15308 MISC

tuxguitar — tuxguitar An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files. 2020-06-23 not yet calculated CVE-2020-14940 MISC MISC

tinxy — door_lock_devices Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled. 2020-06-23 not yet calculated CVE-2020-9438 MISC

tp-link — tl-wr740n_and_tl-wr740nd_devices On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. 2020-06-23 not yet calculated CVE-2020-14965 MISC

trojita_project — trojita MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. 2020-06-25 not yet calculated CVE-2020-15047 MISC MISC

unisys — stealth In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. 2020-06-22 not yet calculated CVE-2020-12053 CONFIRM

verint — workforce_optimization Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the “send email” feature. 2020-06-22 not yet calculated CVE-2020-13480 MISC MISC MISC

vipre — password_vault_app The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation.
2020-06-22 not yet calculated CVE-2020-14981 MISC

winmagic — securedoc The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution. 2020-06-22 not yet calculated CVE-2020-11519 CONFIRM

winmagic — securedoc The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution. 2020-06-22 not yet calculated CVE-2020-11520 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor’s memory. Additional conditions beyond the attacker’s control need to be present for exploitation to be possible. 2020-06-25 not yet calculated CVE-2020-3964 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
2020-06-25 not yet calculated CVE-2020-3966 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible. 2020-06-25 not yet calculated CVE-2020-3967 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine’s vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible. 2020-06-25 not yet calculated CVE-2020-3968 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
2020-06-24 not yet calculated CVE-2020-3969 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine’s vmx process leading to a partial denial of service condition. 2020-06-25 not yet calculated CVE-2020-3970 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. 2020-06-25 not yet calculated CVE-2020-3965 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. 2020-06-25 not yet calculated CVE-2020-3971 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM.
A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. 2020-06-25 not yet calculated CVE-2020-3963 CONFIRM

vmware — esxi_and_workstation_and_fusion VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. 2020-06-24 not yet calculated CVE-2020-3962 CONFIRM

wolfssl — wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a “projective coordinates leak.” 2020-06-25 not yet calculated CVE-2020-11735 CONFIRM CONFIRM

wordpress — wordpress The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. 2020-06-24 not yet calculated CVE-2020-15038 MISC MISC MISC MISC

wordpress — wordpress An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. 2020-06-24 not yet calculated CVE-2020-13700 MISC MISC MISC

world_wide_web_consortium — css_validator In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9. 2020-06-22 not yet calculated CVE-2020-4070 MISC CONFIRM

xiaomi — mi_jia_printer An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138.
Parameters can be injected into ippserver through the web management background, resulting in a command execution vulnerability. 2020-06-24 not yet calculated CVE-2020-10561CONFIRM xiaomi — r3600_rom_router An unsafe configuration of nginx leads to an information leak in Xiaomi router R3600 ROM before 1.0.50. 2020-06-24 not yet calculated CVE-2020-11959CONFIRM xiaomi — r3600_rom_router Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability in the checking of backup files in the c_upload interface that lets an attacker extract a malicious file under any location in /tmp, leading to possible RCE and DoS. 2020-06-24 not yet calculated CVE-2020-11960CONFIRM xiaomi — r3600_rom_router Xiaomi router R3600 ROM before 1.0.50 is affected by sensitive information leakage caused by an insecure interface get_config_result without authentication. 2020-06-24 not yet calculated CVE-2020-11961CONFIRM xiaomi — r3600_rom_router In Xiaomi router R3600, ROM version < 1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. 2020-06-24 not yet calculated CVE-2020-14094CONFIRM xiaomi — r3600_rom_router In Xiaomi router R3600, ROM version < 1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. 2020-06-24 not yet calculated CVE-2020-14095CONFIRM zte — u31r20_device Version V12.17.20T115 of the ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. 
This affects: NetNumenU31R20 V12.17.20T115 2020-06-24 not yet calculated CVE-2020-6870CONFIRM zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. 2020-06-26 not yet calculated CVE-2020-15348MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. 2020-06-26 not yet calculated CVE-2020-15336MISCMISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. 2020-06-26 not yet calculated CVE-2020-15335MISCMISC

  • Vulnerability Summary for the Week of June 15, 2020
    by CISA on June 22, 2020 at 10:33 am

    Original release date: June 22, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adns — adns An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. 2020-06-18 7.5 CVE-2017-9105MISCCONFIRMCONFIRM adns — adns An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. 2020-06-18 7.5 CVE-2017-9104SUSEMISCCONFIRMCONFIRM adobe — flash_player Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-12 10 CVE-2020-9633CONFIRMGENTOO advantech — webaccess_node WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. 2020-06-15 7.5 CVE-2020-12019MISC geovision — door_access_control_devices The GeoVision Door Access Control device family is hardcoded with a root password, with an identical password adopted in all devices. 2020-06-12 10 CVE-2020-3928MISC ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. 
2020-06-15 10 CVE-2020-4469XFCONFIRMMISC ibm — spectrum_protect_plus   IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. 2020-06-15 7.5 CVE-2020-4216XFCONFIRMMISC lansweeper — lansweeper   Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless “Built-in admin” is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. 2020-06-15 7.5 CVE-2020-14011MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. 2020-06-17 7.5 CVE-2020-14402MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. 2020-06-17 7.5 CVE-2020-14405MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. 2020-06-17 7.5 CVE-2020-14404MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. 2020-06-17 7.5 CVE-2020-14401MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. 2020-06-17 7.5 CVE-2020-14403MISCMISC meetecho — janus-gateway   An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server. 
2020-06-15 7.5 CVE-2020-14033MISCMISCCONFIRM meetecho — janus-gateway   An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet. 2020-06-15 7.5 CVE-2020-14034MISCMISCCONFIRM naviwebs — navigate_cms   The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. 2020-06-15 7.5 CVE-2020-14067MISC netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. 2020-06-18 7.7 CVE-2020-14434CONFIRM pcre — perl_compatible_regular_expression   libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. 2020-06-15 7.5 CVE-2020-14155MISCMISC schneider_electric — easergy_t300_devices   A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. 2020-06-16 9 CVE-2020-7505MISC schneider_electric — easergy_t300_devices   A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. 
2020-06-16 7.5 CVE-2020-7512MISC schneider_electric — ecostruxure_operator_terminal_expert A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause arbitrary application execution when the computer starts. 2020-06-16 7.5 CVE-2020-7497MISC suse — opensuse_leap An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. 2020-06-18 7.5 CVE-2017-9103SUSEMISCCONFIRMCONFIRM suse — opensuse_leap An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. When this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. 2020-06-18 7.5 CVE-2017-9109SUSEMISCCONFIRMCONFIRM treck — transmission_control_protocol_internet_protocol_stack The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. 2020-06-17 10 CVE-2020-11897MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. 
2020-06-17 7.5 CVE-2020-11902MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. 2020-06-17 9.3 CVE-2020-11901MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. 2020-06-17 7.5 CVE-2020-11904MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. 2020-06-17 9.3 CVE-2020-11896MISCCISCOMISCMISCMISC trendnet — tew-827dru_devices TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key. 2020-06-15 7.5 CVE-2020-14080MISCMISC trendnet — tew-827dru_devices TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. 2020-06-15 9 CVE-2020-14081MISC trendnet — tew-827dru_devices TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. 2020-06-15 9 CVE-2020-14075MISCMISC Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adns — adns An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. 
If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack. 2020-06-18 5 CVE-2017-9107MISCCONFIRMCONFIRM adns — adns   An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn’t, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type. 2020-06-18 5 CVE-2017-9106MISCCONFIRMCONFIRM adns — adns   An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. 
Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. 2020-06-18 5 CVE-2017-9108MISCCONFIRMCONFIRM adobe — experience_manager   Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 4.3 CVE-2020-9647CONFIRM adobe — experience_manager   Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 4.3 CVE-2020-9648CONFIRM adobe — experience_manager   Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 4.3 CVE-2020-9651CONFIRM adobe — experience_manager   Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-12 5 CVE-2020-9645CONFIRM adobe — experience_manager   Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-12 5 CVE-2020-9643CONFIRM adobe — framemaker   Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-12 6.8 CVE-2020-9634CONFIRM adobe — framemaker   Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-12 6.8 CVE-2020-9635CONFIRM adobe — framemaker   Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. 
Successful exploitation could lead to arbitrary code execution. 2020-06-12 6.8 CVE-2020-9636CONFIRM apsis — pound   Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. 2020-06-15 6.4 CVE-2018-21245MISC cacti — cacti A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. 2020-06-17 6.5 CVE-2020-14295MISC d-link — dsl-2750u_devices   D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. 2020-06-15 4.6 CVE-2020-13150MISCMISC digdash — digdash_enterprise   An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu. 2020-06-15 4.3 CVE-2020-13652MISC geovision — door_access_control_device   GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages. 2020-06-12 4.3 CVE-2020-3929MISC gnu — bison   GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). 2020-06-15 5 CVE-2020-14150MISCMISC huawei — fusionaccess   FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. 
2020-06-15 4 CVE-2020-1825MISC huawei — multiple_products   Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. 2020-06-15 4 CVE-2020-9075MISC huawei — multiple_smartphones   HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. 2020-06-15 4 CVE-2020-9076MISC huawei — p30_smartphones   HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations. 2020-06-15 4.6 CVE-2020-1813MISC ibm — mq_and_mq_appliance_devices   IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. 
2020-06-16 5 CVE-2020-4310XFCONFIRM ibm — spectrum_protect_client IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. 2020-06-15 5 CVE-2020-4494XFCONFIRM ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. 2020-06-15 6.4 CVE-2020-4471XFCONFIRMMISC ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. 2020-06-15 6 CVE-2020-4470XFCONFIRMMISC ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. 2020-06-15 4 CVE-2020-4477XFCONFIRM icinga — icinga2 An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. 2020-06-12 4.6 CVE-2020-14004CONFIRMMISCMISCMISCMISC ijg — libjpeg In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds array read for certain table pointers. 
2020-06-15 5.8 CVE-2020-14153MISCMISC ijg — libjpeg In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cjpeg mishandles EOF. 2020-06-15 5.8 CVE-2020-14151MISCMISC ijg — libjpeg In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. 2020-06-15 5.8 CVE-2020-14152MISCMISC intel — active_management_technology Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-06-15 5 CVE-2020-0540MISC intel — active_management_technology Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. 2020-06-15 5 CVE-2020-0538MISC intel — active_management_technology Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. 2020-06-15 4 CVE-2020-0537MISC libvncserver — libvncserver An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. 2020-06-17 5 CVE-2020-14398MISCMISC libvncserver — libvncserver An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. 2020-06-17 5 CVE-2020-14396MISCMISC libvncserver — libvncserver An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. 2020-06-17 5 CVE-2020-14400MISCMISC libvncserver — libvncserver An issue was discovered in LibVNCServer before 0.9.13. 
There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. 2020-06-17 5 CVE-2018-21247MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. 2020-06-17 5 CVE-2019-20840MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. 2020-06-17 5 CVE-2020-14397MISCMISC libvncserver — libvncserver   An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. 2020-06-17 5 CVE-2020-14399MISCMISC libvncserver — libvncserver   libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. 2020-06-17 5 CVE-2019-20839MISCMISC lignum_computing — libemf ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. 2020-06-15 4.3 CVE-2020-13999MISCMISCMISCMISC mattermost — mattermost_server An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the “get channel by name” API, aka MMSA-2020-0004. 2020-06-19 5 CVE-2020-14458CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. 2020-06-19 5 CVE-2020-14453CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. 2020-06-19 5 CVE-2020-14459CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.22.0. 
The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. 2020-06-19 5 CVE-2020-14450CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. 2020-06-19 5 CVE-2020-14447CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. 2020-06-19 4.3 CVE-2019-20844CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. 2020-06-19 5 CVE-2020-14452CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. 2020-06-19 5 CVE-2019-20888CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012. 2020-06-19 5 CVE-2020-14457CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. 2020-06-19 5 CVE-2020-14448CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. 2020-06-19 5 CVE-2018-21262CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file. 
2020-06-19 5 CVE-2019-20885CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph. 2020-06-19 5 CVE-2019-20880CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. 2020-06-19 5 CVE-2019-20877CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. 2020-06-19 5 CVE-2019-20845CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. 2020-06-19 5 CVE-2019-20843CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. 2020-06-19 6.5 CVE-2019-20842CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. 2020-06-19 5 CVE-2019-20884CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. 2020-06-19 5 CVE-2019-20846CONFIRM micro_focus — arcsight_enterprise_security_manager   Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. 
2020-06-16 4.3 CVE-2020-9522MISC micro_focus — arcsight_logger   Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. 2020-06-12 4.3 CVE-2020-11839MISC micro_focus — arcsight_management_center   Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. 2020-06-16 4 CVE-2020-11840MISC micro_focus — arcsight_management_center   Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. 2020-06-16 4 CVE-2020-11841MISC mutt — mutt   Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. 2020-06-15 4.3 CVE-2020-14093MISCMISCDEBIAN netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14439CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. 
This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14441CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14438CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14440CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14429CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. 
This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14437CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14436CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104. 2020-06-18 5.8 CVE-2020-14435CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 5.8 CVE-2020-14442CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by command injection by an authenticated user. 
This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25. 2020-06-18 5.2 CVE-2020-14433CONFIRM open-xchange — ox_app_suite OX App Suite through 7.10.3 has Improper Input Validation. 2020-06-16 5 CVE-2020-8543MISCMISC open-xchange — ox_app_suite   OX App Suite through 7.10.3 allows SSRF. 2020-06-16 4 CVE-2020-8544MISCMISC open-xchange — ox_app_suite   OX App Suite through 7.10.3 allows XXE attacks. 2020-06-16 4 CVE-2020-8541MISCMISC open-xchange — ox_guard   OX Guard 2.10.3 and earlier allows SSRF. 2020-06-15 4 CVE-2020-9427MISCMISCMISC open-xchange — ox_guard   OX Guard 2.10.3 and earlier allows XSS. 2020-06-15 4.3 CVE-2020-9426MISCMISCMISC open_microscopy_environment — omero In OMERO before 5.6.1, group owners can access members’ data in other groups. 2020-06-17 5.5 CVE-2020-6752CONFIRM openstack — mistral A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. 2020-06-15 4 CVE-2018-16848MISCMISC red_hat — openshift_api_server   A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. 2020-06-12 6 CVE-2020-10752CONFIRMCONFIRM santize_gem_for_ruby_on_rails — santize_gem_for_ruby_on_rails   In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. 
When HTML is sanitized using Sanitize’s “relaxed” config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize’s relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. 2020-06-16 6.8 CVE-2020-4054MISCMISCCONFIRM schneider-electric — ecostruxure_operator_terminal_expert   A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. 2020-06-16 4.3 CVE-2020-7495MISC schneider_electric — easergy_t300_devices A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. 2020-06-16 5 CVE-2020-7507MISC schneider_electric — easergy_t300_devices   A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. 
2020-06-16 5 CVE-2020-7513MISC schneider_electric — easergy_t300_devices   A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. 2020-06-16 5 CVE-2020-7506MISC schneider_electric — easergy_t300_devices   A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. 2020-06-16 5 CVE-2020-7504MISC schneider_electric — easergy_t300_devices   A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. 2020-06-16 6.5 CVE-2020-7509MISC schneider_electric — easergy_t300_devices   A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to obtain private keys. 2020-06-16 5 CVE-2020-7510MISC schneider_electric — easergy_t300_devices   A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. 2020-06-16 5 CVE-2020-7508MISC schneider_electric — easergy_t300_devices   A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. 
2020-06-16 6.8 CVE-2020-7503MISC schneider_electric — easergy_t300_devices   A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. 2020-06-16 5 CVE-2020-7511MISC schneider_electric — ecostruxture_operator_terminal_expert   A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access when opening the project file. 2020-06-16 6.8 CVE-2020-7496MISC schneider_electric — ecostruxture_operator_terminal_expert   A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. 2020-06-16 6.8 CVE-2020-7494MISC schneider_electric — ecostruxture_operator_terminal_expert   A CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. 2020-06-16 6.8 CVE-2020-7493MISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. 2020-06-17 5 CVE-2020-11913MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. 2020-06-17 5 CVE-2020-11911MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. 
2020-06-17 5.8 CVE-2020-11906MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. 2020-06-17 4.8 CVE-2020-11899MISCCISCOCONFIRMMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. 2020-06-17 5 CVE-2020-11910MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. 2020-06-17 5 CVE-2020-11909MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. 2020-06-17 5.8 CVE-2020-11907MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. 2020-06-17 6.4 CVE-2020-11900MISCCISCOCONFIRMMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. 2020-06-17 6.4 CVE-2020-11898MISCCISCOMISCMISCMISC trendnet — tew-827dru_devices TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. 2020-06-15 6.5 CVE-2020-14078MISCMISC trendnet — tew-827dru_devices   TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key. 
2020-06-15 6.5 CVE-2020-14074MISCMISC trendnet — tew-827dru_devices   TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key. 2020-06-15 6.5 CVE-2020-14076MISCMISCMISCMISC trendnet — tew-827dru_devices   TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key. 2020-06-15 6.5 CVE-2020-14077MISCMISC trendnet — tew-827dru_devices   TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key. 2020-06-15 6.5 CVE-2020-14079MISCMISCMISCMISC vmware — horizon_client_for_windows   VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. 2020-06-15 4.6 CVE-2020-3961MISC wordpress — wordpress The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. 2020-06-15 6.8 CVE-2019-19109MISC wordpress — wordpress   The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. 2020-06-15 4.3 CVE-2019-19111MISC wordpress — wordpress   The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. 
2020-06-15 4.3 CVE-2019-19112MISC zoho — manageengine_servicedesk   Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. 2020-06-12 5 CVE-2020-14048MISCMISC

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info

adobe — experience_manager   Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 3.5 CVE-2020-9644CONFIRM caldera — caldera CALDERA 2.7.0 allows XSS via the Operation Name box. 2020-06-19 3.5 CVE-2020-14462MISC chownr — chownr A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. 2020-06-15 1.9 CVE-2017-18869MISCMISCMISCMISC geovision — door_access_control_device   GeoVision Door Access Control device family improperly stores and controls access to system logs; any user can read these logs. 2020-06-12 2.1 CVE-2020-3930MISC huawei — mate_30_smartphones   HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handles Bluetooth connections; an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. 2020-06-18 3.3 CVE-2020-1835MISC huawei — p30_and_p30_pro_smartphones   HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. 
2020-06-18 2.1 CVE-2020-1834MISC ibm — api_connect   IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. 2020-06-12 3.5 CVE-2020-4251XFCONFIRM ibm — spectrum_protect_client   IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. 2020-06-15 3.5 CVE-2020-4406XFCONFIRM kumbiaphp — kumbiaphp   KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. 2020-06-15 3.5 CVE-2020-14146MISCMISC linux — linux_kernel   A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. 2020-06-12 3.6 CVE-2020-10732SUSECONFIRMMISCMISCMISCMISCMISC mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. 2020-06-19 3.5 CVE-2019-20883CONFIRM micros_focus — arcsight_management_center   Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. 
2020-06-16 3.5 CVE-2020-11838MISC netgear — multiple_devices   Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 3.3 CVE-2020-14428CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 3.3 CVE-2020-14427CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 3.3 CVE-2020-14430CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11. 
2020-06-18 3.3 CVE-2020-14426CONFIRM netgear — multiple_devices   Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 3.3 CVE-2020-14431CONFIRM open-xchange — ox_app_suite   OX App Suite through 7.10.3 allows XSS. 2020-06-16 3.5 CVE-2020-8542MISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. 2020-06-17 3.3 CVE-2020-11903MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 4.7.1.27 mishandles ‘\0’ termination in DHCP. 2020-06-17 3.3 CVE-2020-11908MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. 2020-06-17 3.3 CVE-2020-11912MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. 2020-06-17 3.3 CVE-2020-11914MISCCISCOMISCMISCMISC treck — transmission_control_protocol_internet_protocol_stack   The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. 2020-06-17 3.3 CVE-2020-11905MISCCISCOCONFIRMMISCMISCMISC wordpress — wordpress   The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. 2020-06-15 3.5 CVE-2019-19110MISC wordpress — wordpress   In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. 
This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). 2020-06-12 3.5 CVE-2020-4049MISCCONFIRMMISC

Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info

aapanel — aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. 2020-06-18 not yet calculated CVE-2020-14421MISCMISC abus — secvest_fube50001_device The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. 2020-06-17 not yet calculated CVE-2020-14157MISCMISC agentejo — cockpit An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page’s content, creating a Reflected XSS attack vector. 2020-06-17 not yet calculated CVE-2020-14408MISC alpine — alpine   Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. 2020-06-19 not yet calculated CVE-2020-14929MISC apache — archiva   Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. 
By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects. 2020-06-19 not yet calculated CVE-2020-9495MISCMLISTMLISTMLISTMLISTMLIST apache — karaf   In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an “admin” can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a “viewer” role. In the ‘etc/jmx.acl.cfg’, such a role can call get*. It’s possible to authenticate as a viewer role and invoke the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as “viewer” doesn’t have the permission to invoke on the MBean. Still, it could act as an SSRF-style attack and also it essentially allows a “viewer” role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it’s possible to add an ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer. 2020-06-12 not yet calculated CVE-2020-11980MISC apache — tomee   If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 – 8.0.1, Apache TomEE 7.1.0 – 7.1.2, Apache TomEE 7.0.0-M1 – 7.0.7, Apache TomEE 1.0.0 – 1.7.5. 2020-06-15 not yet calculated CVE-2020-11969MISCMLIST arm — mbed_os Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. 
The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors. 2020-06-18 not yet calculated CVE-2020-12883CONFIRMMISCMISCMISC arm — mbed_os An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop’s exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption. 2020-06-18 not yet calculated CVE-2020-12885CONFIRMMISC arm — mbed_os   A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. 
The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made. 2020-06-18 not yet calculated CVE-2020-12884CONFIRMMISC arm — mbed_os   A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur. 2020-06-18 not yet calculated CVE-2020-12886CONFIRMMISC arm — mbed_os   Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. 
In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed. 2020-06-18 not yet calculated CVE-2020-12887CONFIRMMISCMISCMISC beckhoff_automation — twincat_drivers   Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device. 2020-06-16 not yet calculated CVE-2020-12494CONFIRM bt_ctroms — terminal_os_port_portal_ct-464   An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. 2020-06-19 not yet calculated CVE-2020-14930MISCMISC cisco — 7800_and_8800_series_ip_phones   A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. 
The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device. 2020-06-18 not yet calculated CVE-2020-3360CISCO cisco — amp_for_endpoints_and_clamav   A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. 2020-06-18 not yet calculated CVE-2020-3350CISCO cisco — asr_5000_series_aggregation_routers   A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. 
2020-06-18 not yet calculated CVE-2020-3244CISCO cisco — asyncos_and_email_security_appliance   A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. 2020-06-18 not yet calculated CVE-2020-3368CISCO cisco — data_center_network_manager   A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-06-18 not yet calculated CVE-2020-3356CISCO cisco — data_center_network_manager   A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. 2020-06-18 not yet calculated CVE-2020-3355CISCO cisco — data_center_network_manager   A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. 2020-06-18 not yet calculated CVE-2020-3354CISCO cisco — enterprise_nfv_infrastructure_software A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device. 
2020-06-18 not yet calculated CVE-2020-3236CISCO cisco — ios_xr   A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. 2020-06-18 not yet calculated CVE-2020-3364CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3289CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3276CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3277CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3288CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3275CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3278CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3287CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3274CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3286CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3293CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3279CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3296CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3290CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. 2020-06-18 not yet calculated CVE-2020-3268CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. 2020-06-18 not yet calculated CVE-2020-3269CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3295CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3294CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 
2020-06-18 not yet calculated CVE-2020-3292CISCO cisco — multiple_routers   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. 2020-06-18 not yet calculated CVE-2020-3291CISCO cisco — network_services_orchestrator   A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only. 2020-06-18 not yet calculated CVE-2020-3362CISCO cisco — smart_software_manager_on-prem   A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. 
A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts. 2020-06-18 not yet calculated CVE-2020-3245CISCO cisco — telepresence_collaboration_endpoint__and_roomos A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS. 2020-06-18 not yet calculated CVE-2020-3336CISCO cisco — ucs_director   A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device. 2020-06-18 not yet calculated CVE-2020-3242CISCO cisco — ucs_director   A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. 
An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device. 2020-06-18 not yet calculated CVE-2020-3241CISCO cisco — umbrella   A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. 2020-06-18 not yet calculated CVE-2020-3337CISCO cisco — webex_meetings_and_webex_meetings_server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site. 2020-06-18 not yet calculated CVE-2020-3361CISCO cisco — webex_meetings_desktop_app   A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. 
A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system. 2020-06-18 not yet calculated CVE-2020-3263CISCO cisco — webex_meetings_desktop_app_for_mac   A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user. 2020-06-18 not yet calculated CVE-2020-3342CISCO cisco — webex_meetings_desktop_app_for_windows   A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks. 
2020-06-18 not yet calculated CVE-2020-3347CISCO cisofy — lynis   CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks. 2020-06-18 not yet calculated CVE-2020-13882CONFIRM cisofy — lynis   In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. 2020-06-18 not yet calculated CVE-2019-13033CONFIRM cms_made_simple — cms_made_simple CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. 2020-06-19 not yet calculated CVE-2020-14926MISC connectwise — automate   By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178. 2020-06-15 not yet calculated CVE-2020-14159MISC cypress — cyw20735_devices   On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. 
This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as an unprivileged local user. Over the air, the minimal PoC is sending “l2ping -s 600” to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384. 2020-06-16 not yet calculated CVE-2019-18614MISC dell — encryption_and_endpoint_security_suite Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. 2020-06-15 not yet calculated CVE-2020-5358MISC digdash — digdash_enterprise An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer. 2020-06-15 not yet calculated CVE-2020-13651MISC digdash — digdash_enterprise   An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. 
Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it’s possible to determine whether the request targeted an open service. 2020-06-15 not yet calculated CVE-2020-13650MISC dmitry — deepmagic_information_gathering_tool   A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff. 2020-06-19 not yet calculated CVE-2020-14931MISC dojo — dijit In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor’s LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3. 2020-06-15 not yet calculated CVE-2020-4051MISCCONFIRM dolibarr — dolibarr A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. 2020-06-18 not yet calculated CVE-2020-14443CONFIRM dolibarr — dolibarr   A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). 2020-06-19 not yet calculated CVE-2020-14475MISC ec-cube — ec-cube   Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. 
2020-06-19 not yet calculated CVE-2020-5590MISCMISCMISC fabulatech — usb_for_remote_desktop ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. 2020-06-17 not yet calculated CVE-2020-9332MISCMISC fasterxml — jackson-databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). 2020-06-16 not yet calculated CVE-2020-14195MISC fasterxml — jackson-databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). 2020-06-14 not yet calculated CVE-2020-14060MISCMISC fasterxml — jackson-databind   FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). 2020-06-14 not yet calculated CVE-2020-14062MISCMISC fasterxml — jackson-databind   FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). 2020-06-14 not yet calculated CVE-2020-14061MISCMISC ffmpeg — ffmpeg FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. 
2020-06-16 not yet calculated CVE-2020-14212MISCMISC fortiguard — fortimanager Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. 2020-06-16 not yet calculated CVE-2020-9289MISC fortiguard — fortios   A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user’s credentials should that attacker be able to read the session file stored on the targeted device’s system. 2020-06-16 not yet calculated CVE-2019-17655MISC gitlab — gitlab   A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 2020-06-19 not yet calculated CVE-2020-13274CONFIRMMISC gitlab — gitlab_community_and_enterprise_editions Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code 2020-06-19 not yet calculated CVE-2020-13261CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 2020-06-19 not yet calculated CVE-2020-13273CONFIRMMISC gitlab — gitlab_community_and_enterprise_editions User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 2020-06-19 not yet calculated CVE-2020-13276CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification 2020-06-19 not yet calculated CVE-2020-13265CONFIRMMISCMISC gitlab — 
gitlab_community_and_enterprise_editions OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow 2020-06-19 not yet calculated CVE-2020-13272CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 2020-06-19 not yet calculated CVE-2020-13277CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token 2020-06-19 not yet calculated CVE-2020-13264CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link 2020-06-19 not yet calculated CVE-2020-13262CONFIRMMISCMISC gitlab — gitlab_enterprise_edition An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. 2020-06-19 not yet calculated CVE-2020-13263CONFIRMMISCMISC gitlab — gitlab_enterprise_edition   A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 2020-06-19 not yet calculated CVE-2020-13275CONFIRMMISCMISC golang — go   Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. 
An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. 2020-06-17 not yet calculated CVE-2020-14040MISC google — android Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object, then continues to work with it. A concurrent thread could retrieve the created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object. Product: Android. Versions: Android kernel. Android ID: A-151453714 2020-06-16 not yet calculated CVE-2020-0232MISC google — android In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148189280 2020-06-16 not yet calculated CVE-2020-0234MISC google — android In crus_sp_shared_ioctl we first copy 4 bytes from userdata into “size” variable, and then use that variable as the size parameter for “copy_from_user”, ending up overwriting memory following “crus_sp_hdr”.
“crus_sp_hdr” is a static variable, of type “struct crus_sp_ioctl_header”. Product: Android. Versions: Android kernel. Android ID: A-135129430 2020-06-16 not yet calculated CVE-2020-0235MISC google — android This is an unbounded write into kernel global memory, via a user-controlled buffer size. Product: Android. Versions: Android kernel. Android ID: A-135130450 2020-06-16 not yet calculated CVE-2020-0223MISC helm — helm In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4. 2020-06-16 not yet calculated CVE-2020-4053MISCMISCCONFIRM huawei — fusionsphere FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow a certain user to perform certain operations beyond its privilege. 2020-06-18 not yet calculated CVE-2020-9225MISC i2p — invisible_internet_project I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory. 2020-06-16 not yet calculated CVE-2020-13431MISCMISC ibm — business_automation_workflow_and_business_process_manager IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.
2020-06-17 not yet calculated CVE-2020-4532XFCONFIRM ibm — doors_next_generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474. 2020-06-19 not yet calculated CVE-2020-4297XFCONFIRM ibm — doors_next_generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408. 2020-06-19 not yet calculated CVE-2020-4295XFCONFIRM ibm — doors_next_generation   IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141. 2020-06-19 not yet calculated CVE-2020-4281XFCONFIRM ibm — mq_appliance_and_mq_amqp_channels IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. 2020-06-16 not yet calculated CVE-2020-4320XFCONFIRM intel — active_management_technology   Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. 
2020-06-15 not yet calculated CVE-2020-0532MISC intel — active_management_technology   Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-06-15 not yet calculated CVE-2020-0535MISC intel — active_management_technology_and_ intel_standard_manageability Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. 2020-06-15 not yet calculated CVE-2020-0597MISCCONFIRM intel — active_management_technology_and_ intel_standard_manageability Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2020-06-15 not yet calculated CVE-2020-0595MISCCONFIRM intel — active_management_technology_and_ intel_standard_manageability Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-06-15 not yet calculated CVE-2020-8674MISCCONFIRM intel — active_management_technology_and_ intel_standard_manageability Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 
2020-06-15 not yet calculated CVE-2020-0594MISCCONFIRM intel — active_management_technology_and_ intel_standard_manageability Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. 2020-06-15 not yet calculated CVE-2020-0596MISCCONFIRM intel — converged_security_and_manageability_engine Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. 2020-06-15 not yet calculated CVE-2020-0534MISC intel — converged_security_and_manageability_engine Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-06-15 not yet calculated CVE-2020-0541MISC intel — converged_security_and_manageability_engine   Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. 2020-06-15 not yet calculated CVE-2020-0533MISC intel — converged_security_and_manageability_engine_and_trusted_execution_engine Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. 
2020-06-15 not yet calculated CVE-2020-0536MISC intel — converged_security_and_manageability_engine_and_trusted_execution_engine Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. 2020-06-15 not yet calculated CVE-2020-0539MISC intel — converged_security_and_manageability_engine_and_trusted_execution_engine Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. 2020-06-15 not yet calculated CVE-2020-0542MISC intel — innovation_engine Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2020-06-15 not yet calculated CVE-2020-8675MISC intel — multiple_core_processors   Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. 2020-06-15 not yet calculated CVE-2020-0528MISC intel — multiple_core_processors   Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. 2020-06-15 not yet calculated CVE-2020-0529MISC intel — multiple_core_processors   Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. 
2020-06-15 not yet calculated CVE-2020-0531MISC intel — multiple_processors Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2020-06-15 not yet calculated CVE-2020-0543SUSEFEDORAFEDORAUBUNTUUBUNTUUBUNTUUBUNTUUBUNTUUBUNTUMISC intel — multiple_products   Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. 2020-06-15 not yet calculated CVE-2020-0545MISC intel — multiple_solid_state_drives   Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access. 2020-06-15 not yet calculated CVE-2020-0527MISC intel — server_platform_services Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. 2020-06-15 not yet calculated CVE-2020-0586MISC intel — trusted_execution_engine Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2020-06-15 not yet calculated CVE-2020-0566MISC internet_systems_consortium — berkeley_internet_name_domain An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. 
2020-06-17 not yet calculated CVE-2020-8618CONFIRM internet_systems_consortium — berkeley_internet_name_domain Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (“*”) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. 2020-06-17 not yet calculated CVE-2020-8619CONFIRM jerryscript — jerryscript An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c. 2020-06-15 not yet calculated CVE-2020-14163MISCMISC kuka — kuka_controller Critical services for operation can be terminated from Windows Task Manager, bringing the manipulator to a halt. After this, a recalibration of the brakes needs to be performed. Note that this can only be accomplished either by a Kuka technician or by Kuka-issued calibration hardware that interfaces with the manipulator, furthering the delay and increasing operational costs. 2020-06-16 not yet calculated CVE-2020-10268CONFIRM light_code_labs — caddy Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. 2020-06-15 not yet calculated CVE-2018-21246MISCMISC linux — linux_kernel In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824.
This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. 2020-06-18 not yet calculated CVE-2020-14416MISCMISCMISC linux_foundation — jaeger Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file to discover the Kafka credentials. 2020-06-19 not yet calculated CVE-2020-10750CONFIRMCONFIRM mailjet — mjml   MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. 2020-06-17 not yet calculated CVE-2020-12827MISCFULLDISCMISCMISCMISCMISCMISC mattermost — mattermost_desktop_app   An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). 2020-06-19 not yet calculated CVE-2018-21265CONFIRM mattermost — mattermost_desktop_app   An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. 2020-06-19 not yet calculated CVE-2019-20861CONFIRM mattermost — mattermost_desktop_app   An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. 2020-06-19 not yet calculated CVE-2019-20856CONFIRM mattermost — mattermost_desktop_apps   An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001. 2020-06-19 not yet calculated CVE-2020-14460CONFIRM mattermost — mattermost_desktop_apps   An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. 
2020-06-19 not yet calculated CVE-2020-14456CONFIRM mattermost — mattermost_desktop_apps   An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. 2020-06-19 not yet calculated CVE-2020-14455CONFIRM mattermost — mattermost_desktop_apps   An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. 2020-06-19 not yet calculated CVE-2020-14454CONFIRM mattermost — mattermost_mobile_apps An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. 2020-06-19 not yet calculated CVE-2019-20848CONFIRM mattermost — mattermost_mobile_apps An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. 2020-06-19 not yet calculated CVE-2019-20850CONFIRM mattermost — mattermost_mobile_apps   An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. 2020-06-19 not yet calculated CVE-2020-14449CONFIRM mattermost — mattermost_mobile_apps   An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. 2020-06-19 not yet calculated CVE-2020-14451CONFIRM mattermost — mattermost_mobile_apps   An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. 2020-06-19 not yet calculated CVE-2019-20849CONFIRM mattermost — mattermost_mobile_apps   An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. 
2020-06-19 not yet calculated CVE-2019-20851CONFIRM mattermost — mattermost_mobile_apps   An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). 2020-06-19 not yet calculated CVE-2019-20852CONFIRM mattermost — mattermost_packages An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. 2020-06-19 not yet calculated CVE-2019-20853CONFIRM mattermost — mattermost_plugins   An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person’s GitHub account. 2020-06-19 not yet calculated CVE-2019-20864CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. 2020-06-19 not yet calculated CVE-2018-21255CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. 2020-06-19 not yet calculated CVE-2017-18872CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data. 2020-06-19 not yet calculated CVE-2017-18883CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. 2020-06-19 not yet calculated CVE-2019-20865CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. 
2020-06-19 not yet calculated CVE-2018-21248CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. 2020-06-19 not yet calculated CVE-2017-18896CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. 2020-06-19 not yet calculated CVE-2016-11062CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. 2020-06-19 not yet calculated CVE-2016-11069CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. 2020-06-19 not yet calculated CVE-2017-18895CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. 2020-06-19 not yet calculated CVE-2017-18889CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. 2020-06-19 not yet calculated CVE-2016-11064CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. 2020-06-19 not yet calculated CVE-2017-18897CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. 
2020-06-19 not yet calculated CVE-2017-18909CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows phishing because an error page can have a link. 2020-06-19 not yet calculated CVE-2017-18891CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. 2020-06-19 not yet calculated CVE-2017-18892CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. 2020-06-19 not yet calculated CVE-2017-18893CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address. 2020-06-19 not yet calculated CVE-2017-18908CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover. 2020-06-19 not yet calculated CVE-2017-18894CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header. 2020-06-19 not yet calculated CVE-2017-18907CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else’s account. 2020-06-19 not yet calculated CVE-2017-18906CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
2020-06-19 not yet calculated CVE-2017-18901CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled. 2020-06-19 not yet calculated CVE-2017-18905CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. 2020-06-19 not yet calculated CVE-2017-18871CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. 2020-06-19 not yet calculated CVE-2016-11078CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post’s appearance. 2020-06-19 not yet calculated CVE-2016-11065CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. 2020-06-19 not yet calculated CVE-2017-18899CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report. 2020-06-19 not yet calculated CVE-2017-18900CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user’s behalf. 2020-06-19 not yet calculated CVE-2017-18885CONFIRM mattermost — mattermost_server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
2020-06-19 not yet calculated CVE-2017-18902CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request. 2020-06-19 not yet calculated CVE-2017-18890CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. 2020-06-19 not yet calculated CVE-2016-11063CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. 2020-06-19 not yet calculated CVE-2017-18903CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. 2020-06-19 not yet calculated CVE-2016-11067CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. 2020-06-19 not yet calculated CVE-2016-11066CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. 2020-06-19 not yet calculated CVE-2017-18873CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. 2020-06-19 not yet calculated CVE-2017-18877CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. 2020-06-19 not yet calculated CVE-2017-18874CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. 
XSS could occur via the author_link field of a Slack attachment. 2020-06-19 not yet calculated CVE-2017-18879CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang. 2020-06-19 not yet calculated CVE-2017-18898CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. 2020-06-19 not yet calculated CVE-2017-18870CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. 2020-06-19 not yet calculated CVE-2017-18875CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. 2020-06-19 not yet calculated CVE-2017-18876CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. 2020-06-19 not yet calculated CVE-2016-11084CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. 2020-06-19 not yet calculated CVE-2016-11083CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. 2020-06-19 not yet calculated CVE-2016-11082CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. 2020-06-19 not yet calculated CVE-2016-11081CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. 
Knowledge of a session ID allows revoking another user’s session. 2020-06-19 not yet calculated CVE-2017-18878CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. 2020-06-19 not yet calculated CVE-2016-11080CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. 2020-06-19 not yet calculated CVE-2016-11079CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. 2020-06-19 not yet calculated CVE-2016-11077CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. 2020-06-19 not yet calculated CVE-2017-18884CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. 2020-06-19 not yet calculated CVE-2017-18888CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. 2020-06-19 not yet calculated CVE-2016-11076CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. 2020-06-19 not yet calculated CVE-2016-11075CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. 2020-06-19 not yet calculated CVE-2016-11074CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.0. 
It allows XSS via a Legal or Support setting. 2020-06-19 not yet calculated CVE-2016-11073CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. 2020-06-19 not yet calculated CVE-2016-11072CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. 2020-06-19 not yet calculated CVE-2016-11071CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. 2020-06-19 not yet calculated CVE-2017-18880CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. 2020-06-19 not yet calculated CVE-2016-11070CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. 2020-06-19 not yet calculated CVE-2017-18881CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. 2020-06-19 not yet calculated CVE-2016-11068CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. 2020-06-19 not yet calculated CVE-2017-18882CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator’s e-mail address to members. 2020-06-19 not yet calculated CVE-2017-18887CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1. 
It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. 2020-06-19 not yet calculated CVE-2018-21256CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. 2020-06-19 not yet calculated CVE-2017-18886CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. 2020-06-19 not yet calculated CVE-2019-20874CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. 2020-06-19 not yet calculated CVE-2018-21261CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. 2020-06-19 not yet calculated CVE-2019-20863CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. 2020-06-19 not yet calculated CVE-2019-20873CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. 2020-06-19 not yet calculated CVE-2018-21253CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. 2020-06-19 not yet calculated CVE-2018-21254CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.11.0. 
An attacker can interfere with a channel’s post loading via one crafted post. 2020-06-19 not yet calculated CVE-2019-20867CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. 2020-06-19 not yet calculated CVE-2019-20882CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API. 2020-06-19 not yet calculated CVE-2018-21257CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. 2020-06-19 not yet calculated CVE-2018-21258CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. 2020-06-19 not yet calculated CVE-2018-21259CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. 2020-06-19 not yet calculated CVE-2018-21260CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. 2020-06-19 not yet calculated CVE-2019-20868CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. 2020-06-19 not yet calculated CVE-2017-18919CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post’s file ID. 
2020-06-19 not yet calculated CVE-2019-20870CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. 2020-06-19 not yet calculated CVE-2019-20871CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user’s account via a crafted SAML response. 2020-06-19 not yet calculated CVE-2018-21263CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. 2020-06-19 not yet calculated CVE-2018-21251CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. 2020-06-19 not yet calculated CVE-2018-21264CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. 2020-06-19 not yet calculated CVE-2019-20841CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. 2020-06-19 not yet calculated CVE-2019-20847CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. 2020-06-19 not yet calculated CVE-2019-20872CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. 2020-06-19 not yet calculated CVE-2019-20890CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. 
It mishandles permissions for user-access token creation. 2020-06-19 not yet calculated CVE-2019-20889CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. 2020-06-19 not yet calculated CVE-2019-20887CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. 2020-06-19 not yet calculated CVE-2019-20869CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. 2020-06-19 not yet calculated CVE-2019-20886CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. 2020-06-19 not yet calculated CVE-2019-20881CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. 2020-06-19 not yet calculated CVE-2017-18904CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. 2020-06-19 not yet calculated CVE-2017-18915CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. 2020-06-19 not yet calculated CVE-2015-9548CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. 
2020-06-19 not yet calculated CVE-2019-20878CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. 2020-06-19 not yet calculated CVE-2019-20876CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. 2020-06-19 not yet calculated CVE-2019-20875CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. 2020-06-19 not yet calculated CVE-2018-21252CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled. 2020-06-19 not yet calculated CVE-2019-20866CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. 2020-06-19 not yet calculated CVE-2018-21250CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. 2020-06-19 not yet calculated CVE-2017-18911CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. 2020-06-19 not yet calculated CVE-2019-20855CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.16.0. 
It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. 2020-06-19 not yet calculated CVE-2019-20857CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. 2020-06-19 not yet calculated CVE-2019-20858CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. 2020-06-19 not yet calculated CVE-2019-20859CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. 2020-06-19 not yet calculated CVE-2019-20860CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. 2020-06-19 not yet calculated CVE-2019-20879CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. 2020-06-19 not yet calculated CVE-2017-18913CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. 2020-06-19 not yet calculated CVE-2017-18916CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team’s slash commands. 2020-06-19 not yet calculated CVE-2019-20862CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. 
2020-06-19 not yet calculated CVE-2017-18912CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. 2020-06-19 not yet calculated CVE-2017-18914CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. 2020-06-19 not yet calculated CVE-2017-18921CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. 2020-06-19 not yet calculated CVE-2018-21249CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. 2020-06-19 not yet calculated CVE-2017-18920CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. 2020-06-19 not yet calculated CVE-2017-18918CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. 2020-06-19 not yet calculated CVE-2017-18917CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. 2020-06-19 not yet calculated CVE-2019-20854CONFIRM mattermost — mattermost_server   An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. 2020-06-19 not yet calculated CVE-2017-18910CONFIRM mergeobjects — mergeobjects The mergeObjects utility function is susceptible to Prototype Pollution. 
2020-06-19 not yet calculated CVE-2020-7679MISCMISCMISC monitorapp — aiwaf-ve_and_aiwaf-4000   MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected Cross-Site Scripting (XSS) through a crafted URL. This occurs because the Detect URL field displays the original URL. 2020-06-16 not yet calculated CVE-2020-14210MISC morgan_stanley — hobbes   In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. 2020-06-12 not yet calculated CVE-2020-13656MISC mutt — mutt   Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. 2020-06-15 not yet calculated CVE-2020-14154MISCMISC mversion — mversion   In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function. 2020-06-18 not yet calculated CVE-2020-4059MISCCONFIRM naviwebs — navigate_cms Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the “Web Sites > Create > Aliases > Add” screen. 2020-06-19 not yet calculated CVE-2020-14927MISC netflix — conductor Netflix Conductor uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. 
2020-06-16 not yet calculated CVE-2020-9296MISC netgear — multiple_devices   Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-06-18 not yet calculated CVE-2020-14432CONFIRM ngircd — ngircd   The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. 2020-06-15 not yet calculated CVE-2020-14148MISCMISCMISCMISCMISC nordaaker — convos   Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations. 2020-06-18 not yet calculated CVE-2020-14423MISCMISCMISC nut — nut   Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. 2020-06-12 not yet calculated CVE-2019-16252MISC octopus — deploy In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. 2020-06-19 not yet calculated CVE-2020-14470MISC open_microscopy_environment — omero OMERO before 5.6.1 makes the details of each user available to all users. 2020-06-17 not yet calculated CVE-2019-16245CONFIRM open_microscopy_environment — omero   In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. 
2020-06-17 not yet calculated CVE-2019-9943CONFIRM open_microscopy_environment — omero   In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. 2020-06-17 not yet calculated CVE-2019-9944CONFIRM open_microscopy_environment — omero   OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed. 2020-06-17 not yet calculated CVE-2020-7932CONFIRM openbmc — openbmc   user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. 2020-06-15 not yet calculated CVE-2020-14156CONFIRMMISCCONFIRM pcre — perl_compatible_regular_expressions libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. 2020-06-15 not yet calculated CVE-2019-20838MISCMISC plex — media_server Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. 2020-06-15 not yet calculated CVE-2020-5742MISC pulse_secure — pulse_secure_client   A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. 
2020-06-16 not yet calculated CVE-2020-13162MISCFULLDISCMISCCONFIRMMISCMISCMISCMISC python — python   Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. 2020-06-18 not yet calculated CVE-2020-14422MISCMISC rack — rack A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. 2020-06-19 not yet calculated CVE-2020-8184MISCMISC red_hat — ansible_tower   An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. Sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. 2020-06-18 not yet calculated CVE-2020-10782CONFIRM redislabs — redis An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. 2020-06-15 not yet calculated CVE-2020-14147MISCMISC requarks.io — wiki.js In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. 
By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107. 2020-06-16 not yet calculated CVE-2020-4052MISCCONFIRM rockwell_automation — factorytalk_linx_and_rslinx FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. 2020-06-15 not yet calculated CVE-2020-12003MISC rockwell_automation — factorytalk_linx_and_rslinx   FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. 
2020-06-15 not yet calculated CVE-2020-11999MISC rockwell_automation — factorytalk_linx_and_rslinx   FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. 2020-06-15 not yet calculated CVE-2020-12001MISC rockwell_automation — factorytalk_linx_and_rslinx   FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. 2020-06-15 not yet calculated CVE-2020-12005MISC rtslib-fb — rtslib-fb Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. 
2020-06-19 not yet calculated CVE-2020-14019MISC ruby_on_rails — ruby_on_rails A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. 2020-06-19 not yet calculated CVE-2020-8164MISCMISCMLIST ruby_on_rails — ruby_on_rails A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage’s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. 2020-06-19 not yet calculated CVE-2020-8162MISCMISC ruby_on_rails — ruby_on_rails A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. 2020-06-19 not yet calculated CVE-2020-8167MISCMISC ruby_on_rails — ruby_on_rails A deserialization of untrusted data vulnerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. 2020-06-19 not yet calculated CVE-2020-8165MISCMISCMLIST satoshilabs — trezor_one_and_trezor_model_t BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the Trezor One and 2.3.1 for the Trezor Model T. 2020-06-16 not yet calculated CVE-2020-14199MISC schneider_electric — modicon_m218_logic_controller A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. 
2020-06-16 not yet calculated CVE-2020-7502MISC schneider_electric — pro_ex A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. 2020-06-16 not yet calculated CVE-2020-7492MISC schneider_electric — u.motion_servers_and_touch_panels A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered. 2020-06-16 not yet calculated CVE-2020-7500MISC schneider_electric — u.motion_servers_and_touch_panels   A CWE-284:Improper Access Control vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. 2020-06-16 not yet calculated CVE-2020-7499MISC schneider_electric — unity_loader_and_os_loader   A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results. 2020-06-16 not yet calculated CVE-2020-7498MISC schneider_electric — vijeo_designer_basic_and_vijeo_designer   A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. 
2020-06-16 not yet calculated CVE-2020-7501MISC sokkia — gnr5_vanguard_web SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page. 2020-06-15 not yet calculated CVE-2020-14054MISC sophos — sg_firewall   A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. 2020-06-18 not yet calculated CVE-2020-11503CONFIRM squirrelmail — squirrelmail compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. 2020-06-20 not yet calculated CVE-2020-14932MISC squirrelmail — squirrelmail compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. 2020-06-20 not yet calculated CVE-2020-14933MISC stashcat — stashcat   An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users’s context. 2020-06-17 not yet calculated CVE-2020-13637MISCMISC strapi — strapi   Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. 
2020-06-19 not yet calculated CVE-2020-13961MISCCONFIRMCONFIRM tp-link — multiple_devices   TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow 2020-06-17 not yet calculated CVE-2020-13224MISCMISC troglobit — uftpd In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. 2020-06-15 not yet calculated CVE-2020-14149MISCMISCMISC viki_solutions — vera   The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. 2020-06-12 not yet calculated CVE-2019-15123MISCMISC vmware — tools_for_macos   VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. 2020-06-19 not yet calculated CVE-2020-3972MISC webroot — endpoint_agent   Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. 2020-06-15 not yet calculated CVE-2020-5754MISC webroot — endpoint_agent   Webroot endpoint agents prior to version v9.0.28.48 did not protect the “%PROGRAMDATA%\WrData\PKG” directory against renaming. 
This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. 2020-06-15 not yet calculated CVE-2020-5755MISC woocommerce — woocommerce WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. 2020-06-19 not yet calculated CVE-2019-20891MISCMISC wordpress — wordpress   A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) 2020-06-18 not yet calculated CVE-2020-13640MISCMISCMISCMISC wso2 — identity_server An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. 2020-06-18 not yet calculated CVE-2020-14446CONFIRM wso2 — identity_server An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. 2020-06-18 not yet calculated CVE-2020-14445CONFIRM wso2 — identity_server   An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. 2020-06-18 not yet calculated CVE-2020-14444CONFIRM zammad — zammad In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). 
2020-06-16 not yet calculated CVE-2020-14213MISCMISC zammad — zammad Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization. 2020-06-16 not yet calculated CVE-2020-14214MISCMISC zte — ztemarket_apk All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. 2020-06-17 not yet calculated CVE-2020-6869MISC

  • Vulnerability Summary for the Week of June 8, 2020
    by CISA on June 15, 2020 at 10:52 am

    Original release date: June 15, 2020 | Last revised: June 22, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info anydesk — anydesk   AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. 2020-06-09 7.5 CVE-2020-13160MISCMISC apache — unomi   Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. 2020-06-05 10 CVE-2020-11975MISC apple — ios_and_ipados   An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution. 2020-06-09 7.5 CVE-2020-9838MISC apple — macos_catalina   A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript. 2020-06-09 9.3 CVE-2020-9788MISC apple — macos_catalina   An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9841MISC apple — macos_catalina   A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9834MISC apple — macos_catalina   A memory corruption issue was addressed with improved state management. 
This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9830MISC apple — macos_catalina   An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9822MISC apple — macos_catalina   A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. 2020-06-09 9.3 CVE-2020-9817MISC apple — multiple_products A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9814MISCMISCMISCMISC apple — multiple_products   A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. 2020-06-09 7.5 CVE-2020-9850MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2020-06-09 7.8 CVE-2020-9844MISCMISC apple — multiple_products   An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. 
A malicious application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9852MISCMISCMISCMISC apple — multiple_products   A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9821MISCMISCMISCMISC apple — multiple_products   An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. 2020-06-09 9.3 CVE-2020-9816MISCMISCMISCMISC apple — multiple_products   An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. 2020-06-09 7.1 CVE-2020-9812MISCMISCMISCMISC apple — multiple_products   A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9795MISCMISCMISCMISC apple — multiple_products   An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-06-09 9.3 CVE-2020-9815MISCMISCMISCMISC apple — multiple_products   A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. 
A remote attacker may be able to cause arbitrary code execution. 2020-06-09 9.3 CVE-2020-9793MISCMISCMISCMISC apple — multiple_products   An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-06-09 9.3 CVE-2020-9791MISCMISCMISCMISC apple — multiple_products   An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-06-09 9.3 CVE-2020-9790MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout. 2020-06-09 7.1 CVE-2020-9809MISCMISCMISCMISC apple — multiple_products   A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-06-09 9.3 CVE-2020-9813MISCMISCMISCMISC apple — multiple_products   An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. 
2020-06-09 9.3 CVE-2020-9789MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. 2020-06-05 7.2 CVE-2020-9859MISC artica — pandora_fms   Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. 2020-06-11 9 CVE-2020-13855MISCMISC artica — pandora_fms   Artica Pandora FMS 7.44 allows privilege escalation. 2020-06-11 10 CVE-2020-13854MISCMISC artica — pandora_fms   Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. 2020-06-11 9 CVE-2020-13852MISCMISC artica — pandora_fms   Artica Pandora FMS 7.44 allows remote command execution via the events feature. 2020-06-11 9 CVE-2020-13851MISCMISC citrix — workspace_app   Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. 2020-06-08 7.2 CVE-2020-13885MISCCONFIRM citrix — workspace_app   Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. 2020-06-08 7.2 CVE-2020-13884MISCCONFIRM docker — docker_desktop   An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. 2020-06-05 7.2 CVE-2020-11492MISCMISC facade — ignition The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. 
2020-06-07 7.5 CVE-2020-13909MISCMISC google — android   In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347 2020-06-10 7.2 CVE-2020-0114MISC google — android   In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428 2020-06-10 7.2 CVE-2020-0115MISC google — android   In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139532977 2020-06-11 7.2 CVE-2020-0165MISC google — android   In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141331405 2020-06-11 7.5 CVE-2020-0217MISC google — android   In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194 2020-06-10 10 CVE-2020-0117MISC huawei — multiple_products   Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. 2020-06-08 7.5 CVE-2020-9099MISC ibm — websphere_application_server   IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. 2020-06-05 10 CVE-2020-4448XFCONFIRMMISC ibm — websphere_application_server   IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. 2020-06-05 10 CVE-2020-4450XFCONFIRMMISC ibm — worklight/mobilefoundation   IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user’s session. IBM X-Force ID: 175211. 2020-06-05 7.5 CVE-2020-4229XFCONFIRM lg — multiple_mobile_devices   An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). 
2020-06-05 10 CVE-2020-13839CONFIRM lg — multiple_mobile_devices An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). 2020-06-05 10 CVE-2020-13841CONFIRM lg — multiple_mobile_devices An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020). 2020-06-05 7.5 CVE-2020-13840CONFIRM microsoft — chakracore_and_edge_(edgehtml-based) A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. 2020-06-09 9.3 CVE-2020-1073MISC microsoft — internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260. 2020-06-09 7.6 CVE-2020-1230MISC microsoft — internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. 2020-06-09 7.6 CVE-2020-1214MISC microsoft — internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.
2020-06-09 7.6 CVE-2020-1215MISC microsoft — internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260. 2020-06-09 7.6 CVE-2020-1216MISC microsoft — internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. 2020-06-09 7.6 CVE-2020-1213MISC microsoft — multiple_products An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Defender Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1163. 2020-06-09 7.2 CVE-2020-1170MISC microsoft — multiple_products An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Defender Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1170. 2020-06-09 7.2 CVE-2020-1163MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.
2020-06-09 7.2 CVE-2020-1247MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310. 2020-06-09 7.2 CVE-2020-1251MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Modules Installer Service Elevation of Privilege Vulnerability’. 2020-06-09 7.2 CVE-2020-1254MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310. 2020-06-09 7.2 CVE-2020-1253MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253. 2020-06-09 7.2 CVE-2020-1310MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. 
2020-06-09 7.2 CVE-2020-1207MISCMISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 7.2 CVE-2020-0986MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka ‘Windows GDI Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0915. 2020-06-09 7.2 CVE-2020-0916MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka ‘Windows GDI Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0916. 2020-06-09 7.2 CVE-2020-0915MISC microsoft — multiple_windows_products   A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1208. 2020-06-09 9.3 CVE-2020-1236MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 
2020-06-09 7.2 CVE-2020-1246MISC microsoft — windows_10_and_windows_server   A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. 2020-06-09 9.3 CVE-2020-1248MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. 2020-06-09 7.2 CVE-2020-1197MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 7.2 CVE-2020-1266MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. 2020-06-09 7.1 CVE-2020-1283MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. 2020-06-09 7.2 CVE-2020-1258MISC perl — perl   Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. 2020-06-05 7.5 CVE-2020-10543CONFIRMCONFIRMCONFIRMGENTOOCONFIRM perl — perl   Perl before 5.30.3 has an integer overflow related to mishandling of a “PL_regkind[OP(n)] == NOTHING” situation. 
A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. 2020-06-05 7.5 CVE-2020-10878CONFIRMCONFIRMCONFIRMCONFIRMGENTOOCONFIRM qbik — wingate   WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. 2020-06-08 7.2 CVE-2020-13866MISCMISCFULLDISC targetcli-fb — targetcli-fb   Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). 2020-06-05 7.5 CVE-2020-13867MISC tibco — managed_file_transfer_platform_server_for_ibm_i The file transfer component of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. 2020-06-09 10 CVE-2020-9412CONFIRMCONFIRM tibco — managed_file_transfer_platform_server_for_ibm_i The file transfer component of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option ‘Require Node Resp’ is set to ‘No’. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. 
2020-06-09 9.3 CVE-2020-9411CONFIRMCONFIRM wordpress — wordpress   The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. 2020-06-08 7.5 CVE-2020-12800MISCCONFIRM zephyrproject — zephyr   An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. 2020-06-05 7.5 CVE-2020-10062MISCMISCMISCMISC zephyrproject — zephyr   The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. 2020-06-05 7.5 CVE-2020-10071MISCMISCMISCMISC zephyrproject — zephyr   In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. 2020-06-05 7.5 CVE-2020-10070MISCMISCMISCMISC zoom — zoom_client   An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. 2020-06-08 7.5 CVE-2020-6109MISC

Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apple — ios_and_ipados   An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. 
A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. 2020-06-09 5 CVE-2020-9835MISC apple — ios_and_ipados   A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. 2020-06-09 5 CVE-2020-9820MISC apple — ios_and_ipados   This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. 2020-06-09 5 CVE-2020-9823MISC apple — macos_catalina   A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges. 2020-06-09 4.6 CVE-2020-9855MISC apple — macos_catalina   A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic. 2020-06-09 4.9 CVE-2020-9804MISC apple — macos_catalina   This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. 2020-06-09 4.6 CVE-2020-9856MISC apple — macos_catalina   A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings. 2020-06-09 5 CVE-2020-9824MISC apple — macos_catalina   A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory. 2020-06-09 4.9 CVE-2020-9833MISC apple — macos_catalina   An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. 
2020-06-09 4.3 CVE-2020-9831MISC apple — macos_catalina   An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system. 2020-06-09 4.3 CVE-2020-9851MISC apple — macos_catalina   An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. 2020-06-09 4.3 CVE-2020-9832MISC apple — macos_catalina   This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. 2020-06-09 4.3 CVE-2020-3882MISC apple — macos_catalina   An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox. 2020-06-09 6.8 CVE-2020-9847MISC apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. 2020-06-09 5 CVE-2020-9837MISCMISCMISC apple — multiple_products   An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. 2020-06-09 4.3 CVE-2020-9811MISCMISCMISCMISC apple — multiple_products   A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. 2020-06-09 4.3 CVE-2020-9829MISCMISCMISC apple — multiple_products   This issue was addressed with improved checks. 
This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements. 2020-06-09 4.3 CVE-2020-9842MISCMISCMISCMISC apple — multiple_products   A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory. 2020-06-09 5.8 CVE-2020-9808MISCMISCMISCMISC apple — multiple_products   An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. 2020-06-09 5.8 CVE-2020-9794MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. 2020-06-09 5 CVE-2020-9827MISCMISCMISCMISC apple — multiple_products   A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. 2020-06-09 5 CVE-2020-9826MISCMISC apple — multiple_products   An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. 
2020-06-09 4.3 CVE-2020-9843MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. 2020-06-09 5.1 CVE-2020-9839MISCMISCMISCMISC apple — multiple_products   An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application’s memory layout. 2020-06-09 4.3 CVE-2020-9797MISCMISCMISCMISC apple — multiple_products   An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. 2020-06-09 6.8 CVE-2020-9818MISCMISCMISC apple — multiple_products   A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-06-09 6.8 CVE-2020-9806MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-06-09 6.8 CVE-2020-9800MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   An access issue was addressed with additional sandbox restrictions. 
This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences. 2020-06-09 6.8 CVE-2020-9825MISCMISC apple — multiple_products   A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. 2020-06-09 4.3 CVE-2020-9805MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-06-09 6.8 CVE-2020-9802MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-06-09 6.8 CVE-2020-9803MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-06-09 6.8 CVE-2020-9807MISCMISCMISCMISCMISCMISCMISC apple — multiple_products   A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. 
Processing a maliciously crafted mail message may lead to heap corruption. 2020-06-09 4.3 CVE-2020-9819MISCMISCMISCMISC apple — safari   A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application. 2020-06-09 4.6 CVE-2020-9801MISC artica — pandora_fms   Artica Pandora FMS 7.44 has inadequate access controls on a web folder. 2020-06-11 5 CVE-2020-13850MISCMISC bolt — bolt   In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. 2020-06-08 4.3 CVE-2020-4041MISCMISCCONFIRM bolt — bolt   Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 2020-06-08 4.3 CVE-2020-4040MISCMISCCONFIRM combodo — itop   In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4. 2020-06-05 4.3 CVE-2020-11697CONFIRMCONFIRM combodo — itop   In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4. 
2020-06-05 4.3 CVE-2020-11696CONFIRMCONFIRM couchbase — couchbase_server   In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. 2020-06-08 6.8 CVE-2020-9042CONFIRM couchbase — couchbase_server_and_couchbase_sync_gateway   In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don’t more aggressively terminate slow connections. 2020-06-08 5 CVE-2020-9041CONFIRM couchbase — couchbase_server_java_sdk   Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK’s Netty component due to missing hostname verification. 2020-06-08 5 CVE-2020-9040CONFIRM craft — craft_cms   An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. 2020-06-05 4.3 CVE-2020-13868MISC d-link — multiple_devices   D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. 2020-06-08 5 CVE-2020-13960MISC dext5 — dext5   handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. 
2020-06-07 5 CVE-2020-13894MISC ffmpeg — ffmpeg   FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. 2020-06-07 4.3 CVE-2020-13904MISCMISC freedesktop — dbus   An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service’s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. 2020-06-08 4.9 CVE-2020-12049CONFIRMMISCMISCMISCMISC google — android   In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364 2020-06-11 6.8 CVE-2020-0160MISC google — android   In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206763 2020-06-11 4.6 CVE-2020-0210MISC google — android   In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592 2020-06-11 4.6 CVE-2020-0124MISC google — android   In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842 2020-06-11 4.6 CVE-2020-0209MISC google — android   In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139733543 2020-06-11 4.6 CVE-2020-0153MISC google — android   In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142280329 2020-06-11 4.6 CVE-2020-0150MISC google — android   In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736386 2020-06-11 4.6 CVE-2020-0155MISC google — android   In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-120078455 2020-06-11 4.6 CVE-2020-0136MISC google — android   In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961 2020-06-11 4.3 CVE-2020-0195MISC google — android   In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145207098 2020-06-11 4.6 CVE-2020-0208MISC google — android   In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-150944913 2020-06-10 4.9 CVE-2020-0113MISC google — android   In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809 2020-06-10 4.9 CVE-2020-0116MISC google — android   In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150904694 2020-06-10 6.9 CVE-2020-0118MISC google — android   In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919 2020-06-11 5 CVE-2020-0128MISC google — android   In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141920289 2020-06-11 4.6 CVE-2020-0137MISC google — android   In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123292010 2020-06-11 4.6 CVE-2020-0129MISC google — android   In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135532289 2020-06-11 4.3 CVE-2020-0207MISC google — android   In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146435761 2020-06-11 5 CVE-2020-0142MISC google — android   In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488 2020-06-11 4.3 CVE-2020-0193MISC google — android   In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79702484 2020-06-11 5 CVE-2020-0176MISC google — android   In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144687080 2020-06-11 4.3 CVE-2020-0192MISC google — android   In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484 2020-06-11 4.3 CVE-2020-0191MISC google — android   In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738 2020-06-11 4.3 CVE-2020-0180MISC google — android   In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526860 2020-06-11 4.6 CVE-2020-0166MISC google — android   In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081 2020-06-11 4.6 CVE-2020-0219MISC google — android   In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146053215 2020-06-11 5 CVE-2020-0140MISC google — android   In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 2020-06-11 5 CVE-2020-0181MISC google — android   In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140292264 2020-06-11 5 CVE-2020-0214MISC google — android   In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-129475100 2020-06-11 4.3 CVE-2020-0167MISC google — android   In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124525515 2020-06-11 4.3 CVE-2020-0163MISC google — android   In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959 2020-06-11 4.3 CVE-2020-0162MISC google — android   In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127973550 2020-06-11 4.3 CVE-2020-0161MISC google — android   In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814 2020-06-11 4 CVE-2020-0157MISC hesk — hesk   HESK before 3.1.10 allows reflected XSS. 2020-06-07 4.3 CVE-2020-13897MISC huawei — multiple_devices   Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. 2020-06-05 5 CVE-2020-9074MISC huawei — multiple_products   Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. 2020-06-05 4 CVE-2020-1883MISC ibm — maximo_asset_management   IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. 2020-06-08 6.5 CVE-2020-4529XFCONFIRM ibm — websphere_application_server   IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. 2020-06-05 5 CVE-2020-4449XFCONFIRMMISC imagemagick — imagemagick   ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. 2020-06-07 5.8 CVE-2020-13902MISC lg — multiple_mobile_devices   An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. 
The LG ID is LVE-SMP-200010 (June 2020). 2020-06-05 4.6 CVE-2020-13842CONFIRM lg — multiple_mobile_devices   An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). 2020-06-05 4.9 CVE-2020-13843CONFIRM libreoffice — libreoffice   ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. 2020-06-08 4.3 CVE-2020-12803MISC libreoffice — libreoffice   LibreOffice has a ‘stealth mode’ in which only documents from locations deemed ‘trusted’ are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice’s ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. 
2020-06-08 4.3 CVE-2020-12802MISC microsoft — multiple_products An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. 2020-06-09 4.6 CVE-2020-1278MISC microsoft — multiple_products   An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 4.6 CVE-2020-1264MISC microsoft — multiple_products   An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. 2020-06-09 4.6 CVE-2020-1293MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. 2020-06-09 4.6 CVE-2020-1257MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘OLE Automation Elevation of Privilege Vulnerability’. 
2020-06-09 6.8 CVE-2020-1212MISC microsoft — multiple_windows_products   A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka ‘Windows Registry Denial of Service Vulnerability’. 2020-06-09 4.9 CVE-2020-1194MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka ‘Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability’. 2020-06-09 6.5 CVE-2020-1255MISC microsoft — multiple_windows_products   A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1238. 2020-06-09 6.8 CVE-2020-1239MISCMISC microsoft — sharepoint_enterprise_server_2013_and_2016_and_sharepoint_server_2010_and_2019 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’. 2020-06-09 6.5 CVE-2020-1181MISCMISC microsoft — sharepoint_server   An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka ‘Microsoft SharePoint Server Elevation of Privilege Vulnerability’. 2020-06-09 6.5 CVE-2020-1178MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 
2020-06-09 4.6 CVE-2020-1273MISC microsoft — windows_10_and_windows_server A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1244. 2020-06-09 4.9 CVE-2020-1120MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 4.6 CVE-2020-1275MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. 2020-06-09 4.6 CVE-2020-1265MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka ‘Windows Network List Service Elevation of Privilege Vulnerability’. 2020-06-09 6.8 CVE-2020-1209MISC microsoft — windows_10_and_windows_server An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Information Disclosure Vulnerability’. 
2020-06-09 5 CVE-2020-1206MISCMISC microsoft — windows_10_and_windows_server   A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Denial of Service Vulnerability’. 2020-06-09 4.3 CVE-2020-1284MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka ‘Windows Kernel Security Feature Bypass Vulnerability’. 2020-06-09 6.8 CVE-2020-1241MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1120. 2020-06-09 5.8 CVE-2020-1244MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. 2020-06-09 6.8 CVE-2020-1211MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. 
2020-06-09 6.8 CVE-2020-1235MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka ‘Media Foundation Information Disclosure Vulnerability’. 2020-06-09 4.3 CVE-2020-1232MISCMISC microsoft — windows_10_and_windows_server_and_windows_server_2019 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1239. 2020-06-09 6.8 CVE-2020-1238MISCMISCMISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Information Disclosure Vulnerability’. 2020-06-09 6.8 CVE-2020-1217MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 4.6 CVE-2020-1274MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1307, CVE-2020-1316. 
2020-06-09 4.6 CVE-2020-1276MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 6.8 CVE-2020-1237MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1324. 2020-06-09 4.6 CVE-2020-1162MISC mumble — mumble   Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL’s error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) 2020-06-09 5 CVE-2020-13962MISCMISCMISC nagios — nagios   Nagios 4.4.5 allows an attacker, who already has administrative access to change the “URL for JSON CGIs” configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. 2020-06-09 4 CVE-2020-13977MISCMISCMISC nextcloud — talk   A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. 2020-06-08 6.5 CVE-2020-8180MISCMISC node.js — node.js   TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. 
2020-06-08 5.8 CVE-2020-8172MISCMISC opensearch — opensearch_web_browser   OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated] 2020-06-08 5.8 CVE-2020-8954MISCMISC otrs — open_ticket_request_system BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions. 2020-06-08 4.3 CVE-2020-1775MISC owasp — json-sanitizer   OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. 2020-06-09 4.3 CVE-2020-13973MISC pam_tacplus — pam_tacplus   In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. 2020-06-06 4.3 CVE-2020-13881MLISTMISCMISCMLIST pengutronix — barebox   Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. 2020-06-07 6.4 CVE-2020-13910MISC perl — perl   regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. 2020-06-05 5 CVE-2020-12723CONFIRMCONFIRMCONFIRMMISCMISCGENTOOCONFIRM phpmailer — phpmailer   PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. 
2020-06-08 5 CVE-2020-13625CONFIRMCONFIRMMLIST prisma — graphql_playground   GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13. 2020-06-08 4.3 CVE-2020-4038MISCMISCCONFIRM pydio — cells   In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed. 2020-06-05 5.8 CVE-2020-12848MISCMISCMISC realtek — adsl/pon_modern_soc_devices   A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool. 2020-06-08 6.5 CVE-2020-12773MISC roundcube — webmail   An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. 2020-06-09 4.3 CVE-2020-13965MISCMISCMISCMISCCONFIRMDEBIAN roundcube — webmail   An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. 
include/rcmail_output_html.php allows XSS via the username template object. 2020-06-09 4.3 CVE-2020-13964MISCMISCMISCCONFIRMDEBIAN solarwinds — advanced_monitoring_agent   SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. 2020-06-07 6 CVE-2020-13912MISC sqlite — sqlite   SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. 2020-06-06 5 CVE-2020-13871MISCMISCMISC swift_networks — red_cheetah In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL. 2020-06-05 6.1 CVE-2020-13646MISC videolan — vlc_media_player   A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. 2020-06-08 6.8 CVE-2020-13428MISCMISCCONFIRM whitesource — application_vulnerability_management   The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries. 2020-06-08 5 CVE-2020-5304MISCMISC wordpress — wordpress   The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. 2020-06-10 4.3 CVE-2020-14010MISC ws02 — multiple_products   In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. 
2020-06-06 6.5 CVE-2020-13883MISC xack — xack_dns   XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver’s performance or compromising the recursive resolver as a reflector in a reflection attack. 2020-06-05 5 CVE-2020-5591MISCMISC zephyrproject — zephyr   Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. 2020-06-05 5.8 CVE-2020-10061MISCMISCMISCMISCMISCMISC zepthyr_project — zephyr   A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. 2020-06-05 5 CVE-2020-10063MISCMISCMISCMISCMISCMISC zoom — zoom_client   An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. 2020-06-08 6.8 CVE-2020-6110MISC

Low Vulnerabilities
Primary Vendor — Product Description Published CVSS Score Source & Patch Info
angular — angular.js   angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping “<option>” elements in “<select>” ones changes parsing behavior, leading to possibly unsanitizing code.
2020-06-08 3.5 CVE-2020-7676MISCMISCMISC apple — ios_and_ipados   An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. 2020-06-09 2.1 CVE-2020-9848MISC apple — multiple_products   A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service. 2020-06-09 2.1 CVE-2020-9792MISCMISC arm — arm8-a_core Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka “straight-line speculation.” 2020-06-08 2.1 CVE-2020-13844CONFIRMCONFIRMMISCCONFIRMCONFIRM artica — pandora_fms   Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. 2020-06-11 3.5 CVE-2020-13853MISCMISC bitdefender — antivirus_free   A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. 2020-06-05 3.6 CVE-2020-8103CONFIRM bludit — bludit showAlert() in the administration panel in Bludit 3.12.0 allows XSS. 2020-06-06 3.5 CVE-2020-13889MISC craft — craft_cms An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. 2020-06-05 3.5 CVE-2020-13869MISC craft — craft_cms An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. 2020-06-05 3.5 CVE-2020-13870MISC enhancesoft — osticket   scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. 
The attacker must be an Agent. 2020-06-10 3.5 CVE-2020-14012MISC google — android   In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089 2020-06-11 2.1 CVE-2020-0149MISC google — android   In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128 2020-06-11 2.1 CVE-2020-0158MISC google — android   In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919 2020-06-11 2.1 CVE-2020-0154MISC google — android   In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-133164384 2020-06-11 2.1 CVE-2020-0151MISC google — android   In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139473816 2020-06-11 2.1 CVE-2020-0132MISC google — android   In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492 2020-06-11 2.1 CVE-2020-0148MISC google — android   In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392 2020-06-11 2.1 CVE-2020-0147MISC google — android   In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561 2020-06-11 2.1 CVE-2020-0146MISC google — android   In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079 2020-06-11 2.1 CVE-2020-0145MISC google — android   In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. 
This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277 2020-06-11 2.1 CVE-2020-0143MISC google — android   In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127 2020-06-11 2.1 CVE-2020-0156MISC google — android   In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159 2020-06-11 2.1 CVE-2020-0152MISC google — android   In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125 2020-06-11 2.1 CVE-2020-0164MISC google — android   In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383 2020-06-11 2.1 CVE-2020-0187MISC google — android   In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. 
This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398 2020-06-11 2.1 CVE-2020-0178MISC google — android   In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126206353 2020-06-11 2.1 CVE-2020-0177MISC google — android   In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766 2020-06-10 2.1 CVE-2020-0121MISC google — android   In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035 2020-06-11 3.5 CVE-2020-0159MISC google — android   In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771 2020-06-11 2.1 CVE-2020-0134MISC google — android   In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. 
System execution privileges are needed and user interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145520471 2020-06-11 2.1 CVE-2020-0139MISC google — android   In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150949837 2020-06-11 2.1 CVE-2020-0135MISC google — android   In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379 2020-06-11 2.1 CVE-2020-0197MISC google — android   In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152 2020-06-11 2.1 CVE-2020-0185MISC google — android   In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 2020-06-11 2.1 CVE-2020-0182MLISTMISC google — android   In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497 2020-06-11 2.1 CVE-2020-0144MISC huawei — multiple_smartphones   Some Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. The affected products and versions are: ALP-AL00B Versions earlier than 9.0.0.181(C00E87R2P20T8) ALP-L09 Versions earlier than 9.0.0.201(C432E4R1P9) ALP-L29 Versions earlier than 9.0.0.177(C185E2R1P12T8), Versions earlier than 9.0.0.195(C636E2R1P12) Anne-AL00 Versions earlier than 8.0.0.168(C00) BLA-AL00B Versions earlier than 9.0.0.181(C00E88R2P15T8) BLA-L09C Versions earlier than 9.0.0.177(C185E2R1P13T8), Versions earlier than 9.0.0.206(C432E4R1P11) BLA-L29C Versions earlier than 9.0.0.179(C576E2R1P7T8), Versions earlier than 9.0.0.194(C185E2R1P13), Versions earlier than 9.0.0.206(C432E4R1P11), Versions earlier than 9.0.0.210(C635E4R1P13) Berkeley-AL20 Versions earlier than 9.0.0.156(C00E156R2P14T8) Berkeley-L09 Versions earlier than 8.0.0.172(C432), Versions earlier than 8.0.0.173(C636) Emily-L29C Versions earlier than 9.0.0.159(C185E2R1P12T8), Versions earlier than 9.0.0.159(C461E2R1P11T8), Versions earlier than 9.0.0.160(C432E7R1P11T8), Versions earlier than 9.0.0.165(C605E2R1P12), Versions earlier than 9.0.0.168(C636E7R1P13T8), Versions earlier than 9.0.0.168(C782E3R1P11T8), Versions earlier than 9.0.0.196(C635E2R1P11T8) Figo-L03 Versions earlier than 9.1.0.130(C605E6R1P5T8) Figo-L21 Versions earlier than 9.1.0.130(C185E6R1P5T8), Versions earlier than 9.1.0.130(C635E6R1P5T8) Figo-L23 Versions earlier than 9.1.0.130(C605E6R1P5T8) Figo-L31 Versions earlier than 9.1.0.130(C432E8R1P5T8) Florida-L03 Versions earlier than 9.1.0.121(C605E5R1P1T8) Florida-L21 Versions earlier than 8.0.0.129(C605), Versions earlier 
than 8.0.0.131(C432), Versions earlier than 8.0.0.132(C185) Florida-L22 Versions earlier than 8.0.0.132(C636) Florida-L23 Versions earlier than 8.0.0.144(C605) HUAWEI P smart Versions earlier than 9.1.0.130(C185E6R1P5T8), Versions earlier than 9.1.0.130(C605E6R1P5T8) HUAWEI P smart, HUAWEI Y7s Versions earlier than 9.1.0.124(C636E6R1P5T8) HUAWEI P20 lite Versions earlier than 8.0.0.148(C635), Versions earlier than 8.0.0.155(C185), Versions earlier than 8.0.0.155(C605), Versions earlier than 8.0.0.156(C605), Versions earlier than 8.0.0.157(C432) HUAWEI nova 3e, HUAWEI P20 lite Versions earlier than 8.0.0.147(C461), Versions earlier than 8.0.0.148(ZAFC185), Versions earlier than 8.0.0.160(C185), Versions earlier than 8.0.0.160(C605), Versions earlier than 8.0.0.168(C432), Versions earlier than 8.0.0.172(C636) Honor View 10 Versions earlier than 9.0.0.202(C567E6R1P12T8) Leland-AL00A Versions earlier than 8.0.0.182(C00) Leland-L21A Versions earlier than 8.0.0.135(C185), Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L22A Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L22C Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L31A Versions earlier than 8.0.0.139(C432) 2020-06-08 2.1 CVE-2019-19412CONFIRM microsoft — edge_(edgehtml-based)   An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka ‘Microsoft Edge Information Disclosure Vulnerability’. 2020-06-09 2.6 CVE-2020-1242MISC microsoft — multiple_sharepoint_products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320. 
2020-06-09 3.5 CVE-2020-1297MISC microsoft — multiple_sharepoint_products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320. 2020-06-09 3.5 CVE-2020-1318MISC microsoft — multiple_sharepoint_products   A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318. 2020-06-09 3.5 CVE-2020-1320MISC microsoft — multiple_sharepoint_products   A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320. 2020-06-09 3.5 CVE-2020-1177MISC microsoft — multiple_sharepoint_products   A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320. 2020-06-09 3.5 CVE-2020-1183MISC microsoft — multiple_sharepoint_products   A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. 
This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320. 2020-06-09 3.5 CVE-2020-1298MISC microsoft — multiple_windows_products   An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. 2020-06-09 2.1 CVE-2020-1160MISC microsoft — sharepoint_enterprise_server 2013_and_2016_and_sharepoint_server_2010_and_2019 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1289. 2020-06-09 3.5 CVE-2020-1148MISC microsoft — sharepoint_foundation_2010   A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1148. 2020-06-09 3.5 CVE-2020-1289MISC microsoft — windows_10_and_windows_server   An information disclosure vulnerability exists when a Windows service improperly handles objects in memory, aka ‘Windows Service Information Disclosure Vulnerability’. 2020-06-09 2.1 CVE-2020-1268MISC neon — neon The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. 2020-06-06 3.5 CVE-2020-13890MISC pydio — cells Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. 2020-06-05 3.5 CVE-2020-12849MISCMISCMISC royal_apps — royal_ts   Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. 
2020-06-09 3.3 CVE-2020-13872MISCFULLDISCMISC wordpress — wordpress The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. 2020-06-05 3.5 CVE-2020-13864MISC wordpress — wordpress The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. 2020-06-05 3.5 CVE-2020-13865MISC wordpress — wordpress The SportsPress plugin before 2.7.2 for WordPress allows XSS. 2020-06-09 3.5 CVE-2020-13892MISC your_online_shop — your_online_shop Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. 2020-06-09 3.5 CVE-2020-13911MISC zephyrproject — zephyr In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. 2020-06-05 3.3 CVE-2020-10068MISCMISCMISCMISCMISCMISC

Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — experience_manager Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-12 not yet calculated CVE-2020-9645CONFIRM adobe — experience_manager Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
2020-06-12 not yet calculated CVE-2020-9647CONFIRM adobe — experience_manager Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 not yet calculated CVE-2020-9651CONFIRM adobe — experience_manager Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-06-12 not yet calculated CVE-2020-9643CONFIRM adobe — experience_manager Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 not yet calculated CVE-2020-9644CONFIRM adobe — experience_manager Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. 2020-06-12 not yet calculated CVE-2020-9648CONFIRM adobe — flash_player Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-12 not yet calculated CVE-2020-9633CONFIRMGENTOO adobe — framemaker Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-12 not yet calculated CVE-2020-9636CONFIRM adobe — framemaker Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-06-12 not yet calculated CVE-2020-9634CONFIRM adobe — framemaker Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability.
Successful exploitation could lead to arbitrary code execution. 2020-06-12 not yet calculated CVE-2020-9635CONFIRM apache — karaf In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an “admin” can actually invoke on an MBean. However, there is a vulnerability for someone who is not an admin but has a “viewer” role. In ‘etc/jmx.acl.cfg’, such a role can call get*. It’s possible to authenticate as a viewer role and invoke the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as “viewer” doesn’t have the permission to invoke on the MBean. Still, it could act as an SSRF-style attack, and it essentially allows a “viewer” role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it’s possible to add an ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer. 2020-06-12 not yet calculated CVE-2020-11980MISC apple — windows_migration_assistant A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. 2020-06-09 not yet calculated CVE-2020-9858MISC arista — cloud_eos_vm/veos A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured. 2020-06-10 not yet calculated CVE-2020-11622MISCCONFIRM cd-messenger — cd-messenger cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution.
User input provided to the `color` argument is executed by the `eval` function, resulting in code execution. 2020-06-10 not yet calculated CVE-2020-7675MISC ciphermail — community_gateway_and_professional/enterprise_gateway_and_webmail_messenger An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. 2020-06-11 not yet calculated CVE-2020-12713MISCMISCMISCMISCMISCMISC ciphermail — community_gateway_virtual_appliances_and_professional/enterprise_gateway_and_webmail_messenger_virtual_appliances An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients. 2020-06-11 not yet calculated CVE-2020-12714MISCMISCMISCMISCMISCMISC citrix — xenapp ** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. 2020-06-11 not yet calculated CVE-2020-13998MISC cypress — psoc_creator_ble The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing.
A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing. 2020-06-09 not yet calculated CVE-2020-11957CONFIRM dell — multiple_products Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. 2020-06-10 not yet calculated CVE-2020-5362MISC dell — multiple_products Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell’s manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. 2020-06-10 not yet calculated CVE-2020-5363MISC freebsd — freebsd In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item, allowing an attacker with physical access to a USB port to use a specially crafted USB device to gain kernel or user-space code execution. 2020-06-09 not yet calculated CVE-2020-7456MISC geovision — door_access_control_devices GeoVision Door Access Control device family improperly stores and controls access to system logs; any user can read these logs. 2020-06-12 not yet calculated CVE-2020-3930MISC geovision — door_access_control_devices GeoVision Door Access Control device family is hardcoded with a root password, with an identical password adopted in all devices.
2020-06-12 not yet calculated CVE-2020-3928MISC geovision — door_access_control_devices GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct a MITM attack with the derived keys and recover the plaintext of encrypted messages. 2020-06-12 not yet calculated CVE-2020-3929MISC gitlab — gitlab_community_and_enterprise_editions A Stored Cross-Site Scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1. 2020-06-10 not yet calculated CVE-2020-13267CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users’ deploy keys under certain conditions. 2020-06-09 not yet calculated CVE-2020-13266CONFIRMMISC gitlab — gitlab_community_and_enterprise_editions A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1. 2020-06-10 not yet calculated CVE-2020-13269CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents.
This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 2020-06-10 not yet calculated CVE-2020-13268CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 2020-06-10 not yet calculated CVE-2020-13271CONFIRMMISCMISC gitlab — gitlab_community_and_enterprise_editions Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API 2020-06-10 not yet calculated CVE-2020-13270CONFIRMMISCMISC google — android In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123700383 2020-06-11 not yet calculated CVE-2020-0169MISC google — android In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854 2020-06-11 not yet calculated CVE-2020-0212MISC google — android   Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. 2020-06-12 not yet calculated CVE-2019-16252MISC google — android   In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126204073 2020-06-11 not yet calculated CVE-2020-0216MISC google — android   In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793 2020-06-11 not yet calculated CVE-2020-0141MISC google — android   In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141688974 2020-06-11 not yet calculated CVE-2020-0184MISC google — android   In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247 2020-06-10 not yet calculated CVE-2020-0119MISC google — android   In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930 2020-06-11 not yet calculated CVE-2020-0126MISC google — android   In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. 
User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506 2020-06-11 not yet calculated CVE-2020-0127MISC google — android   In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145136060 2020-06-11 not yet calculated CVE-2020-0133MISC google — android   In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151159638 2020-06-11 not yet calculated CVE-2020-0131MISC google — android   In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905 2020-06-11 not yet calculated CVE-2020-0218MISC google — android   In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn’t in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416 2020-06-11 not yet calculated CVE-2020-0138MISC google — android   In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. 
This could lead to local escalation of privilege of a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140417248 2020-06-11 not yet calculated CVE-2020-0215MISC google — android   In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479 2020-06-11 not yet calculated CVE-2020-0183MISC google — android   In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143826590 2020-06-11 not yet calculated CVE-2020-0194MISC google — android   In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143464314 2020-06-11 not yet calculated CVE-2020-0213MISC google — android   In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139939283 2020-06-11 not yet calculated CVE-2020-0189MISC google — android   In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. 
This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147355897 2020-06-11 not yet calculated CVE-2020-0188MISC google — android   In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product: AndroidVersions: Android-10Android ID: A-130656917 2020-06-11 not yet calculated CVE-2020-0179MISC google — android   In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255 2020-06-11 not yet calculated CVE-2020-0233MISC google — android   In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313764 2020-06-11 not yet calculated CVE-2020-0173MISC google — android   In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137798382 2020-06-11 not yet calculated CVE-2020-0168MISC google — android   In onStart of MainActivity.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142936525 2020-06-11 not yet calculated CVE-2020-0202MISC google — android   In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140324890 2020-06-11 not yet calculated CVE-2020-0190MISC google — android   In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313537 2020-06-11 not yet calculated CVE-2020-0174MISC google — android   In Parse_art of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127312550 2020-06-11 not yet calculated CVE-2020-0172MISC google — android   In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313223 2020-06-11 not yet calculated CVE-2020-0171MISC google — android   In IMY_Event of eas_imelody.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127310810 2020-06-11 not yet calculated CVE-2020-0170MISC google — android   In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 2020-06-11 not yet calculated CVE-2020-0198MLISTMISC google — android   In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833 2020-06-11 not yet calculated CVE-2020-0196MISC google — android   In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005061 2020-06-11 not yet calculated CVE-2020-0206MISC google — android   In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126380818 2020-06-11 not yet calculated CVE-2020-0175MISC google — android   In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146313311 2020-06-11 not yet calculated CVE-2020-0203MISC google — android   In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136498130 2020-06-11 not yet calculated CVE-2020-0204MISC google — android   In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147234020 2020-06-11 not yet calculated CVE-2020-0205MISC google — android   In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773 2020-06-11 not yet calculated CVE-2020-0211MISC google — android   In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143601727 2020-06-11 not yet calculated CVE-2020-0201MISC google — android   In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. 
This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-142142406 2020-06-11 not yet calculated CVE-2020-0199MISC google — android   In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-147231862 2020-06-11 not yet calculated CVE-2020-0200MISC google — android   In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-146144463 2020-06-11 not yet calculated CVE-2020-0186MISC hashicorp — consul_and_consul_enterprise   HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. 2020-06-11 not yet calculated CVE-2020-13170CONFIRMCONFIRMCONFIRM hashicorp — consul_and_consul_enterprise   HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. 2020-06-11 not yet calculated CVE-2020-12758CONFIRMCONFIRMCONFIRM hashicorp — consul_and_consul_enterprise   HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
2020-06-11 not yet calculated CVE-2020-12797CONFIRMCONFIRMCONFIRM hashicorp — consul_and_consul_enterprise   HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4. 2020-06-11 not yet calculated CVE-2020-13250CONFIRMCONFIRMCONFIRM hashicorp — vault_and_vault_enterprise HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect Access Control. 2020-06-10 not yet calculated CVE-2020-12757MISCCONFIRM hashicorp — vault_and_vault_enterprise   HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert Sensitive Information into a Log File. 2020-06-10 not yet calculated CVE-2020-13223MISCMISC hcl — digital_experience “HCL Digital Experience is susceptible to Server Side Request Forgery.” 2020-06-11 not yet calculated CVE-2020-4101MISC http_file_server — http_file_server   rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers. 2020-06-08 not yet calculated CVE-2020-13432MISCMISCFULLDISCMISCMISCMISC ibm — api_connect   IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. 2020-06-12 not yet calculated CVE-2020-4251XFCONFIRM ibm — multiple_aspera_products   Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810. 
2020-06-10 not yet calculated CVE-2020-4432XFCONFIRM ibm — multiple_aspera_products   Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900. 2020-06-10 not yet calculated CVE-2020-4434XFCONFIRM ibm — multiple_aspera_products   Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901. 2020-06-10 not yet calculated CVE-2020-4435XFCONFIRM ibm — multiple_aspera_products   Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814. 2020-06-10 not yet calculated CVE-2020-4433XFCONFIRM ibm — multiple_aspera_products   Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902. 2020-06-10 not yet calculated CVE-2020-4436XFCONFIRM ibm — qradar_network_packet_capture IBM QRadar Network Packet Capture 7.3.0 – 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803. 2020-06-10 not yet calculated CVE-2019-4576XFCONFIRM ibm — workload_scheduler   IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160. 2020-06-11 not yet calculated CVE-2020-4380XFCONFIRM icanga — icanga2 An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. 2020-06-12 not yet calculated CVE-2020-14004CONFIRMMISCMISCMISCMISC inductive_automation — ignition The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information. 2020-06-09 not yet calculated CVE-2020-12004MISC inductive_automation — ignition   The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information. 2020-06-09 not yet calculated CVE-2020-12000MISC inductive_automation — ignition   The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information. 2020-06-09 not yet calculated CVE-2020-10644MISC irfanview — irfanview IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7.
2020-06-10 not yet calculated CVE-2020-13906MISCMISC irfanview — irfanview   IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. 2020-06-10 not yet calculated CVE-2020-13905MISCMISC joomla! — joomla! The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager. 2020-06-09 not yet calculated CVE-2020-13996MISCMISC kata_containers — kata_containers A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions. 2020-06-10 not yet calculated CVE-2020-2026MISCMISCMISCMISC kata_containers — kata_containers   Kata Containers doesn’t restrict containers from accessing the guest’s root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions. 2020-06-10 not yet calculated CVE-2020-2023MISCMISCMISCMISCMISCMISCMISC lenovo — multiple_devices   A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. 2020-06-09 not yet calculated CVE-2019-6173MISC lenovo — multiple_devices   A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. 
2020-06-09 not yet calculated CVE-2019-6196MISC lenovo — multiple_thinkpad_devices The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. 2020-06-09 not yet calculated CVE-2020-8334MISC lenovo — multiple_thinkpad_devices Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. 2020-06-09 not yet calculated CVE-2020-8336MISC lenovo — mutliple_thinkpad_devices   An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. 2020-06-09 not yet calculated CVE-2020-8320MISC lenovo — notebook_and_thinkstation_devices   A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. 2020-06-09 not yet calculated CVE-2020-8321MISC lenovo — notebook_and_thinkstation_devices   A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. 2020-06-09 not yet calculated CVE-2020-8322MISC lenovo — thinkpad_and_notebook_and_thinkstation_devices   A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. 2020-06-09 not yet calculated CVE-2020-8323MISC lenovo — thinksystem_devices   A potential vulnerability in the BIOS configuration of some ThinkSystem models due to missing DMA protections that may allow a user with physical access read or write access to system memory. 
2020-06-09 not yet calculated CVE-2020-8331MISC liferay — portal_and_dxp In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. 2020-06-10 not yet calculated CVE-2020-13445CONFIRM liferay — portal_and_dxp   Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers. 2020-06-10 not yet calculated CVE-2020-13444CONFIRM linux — linux_kernel An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. 2020-06-09 not yet calculated CVE-2020-13974MISCMISC linux — linux_kernel   A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. 2020-06-09 not yet calculated CVE-2020-10757SUSEREDHATMISCMLISTFEDORADEBIANDEBIANMISC linux — linux_kernel   A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. 2020-06-12 not yet calculated CVE-2020-10732SUSECONFIRMMISCMISCMISCMISC mcafee — agent   DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. 
2020-06-10 not yet calculated CVE-2019-3613CONFIRM mcafee — host_intrusion_prevention_system   DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. 2020-06-10 not yet calculated CVE-2020-7279CONFIRM mcafee — total_protection_for_macos   Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. 2020-06-10 not yet calculated CVE-2019-3617CONFIRM mcafee — virus_scan_enterprise   Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. 2020-06-10 not yet calculated CVE-2020-7280CONFIRM mcafee — virusscan_enterprise   Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages – Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. 2020-06-10 not yet calculated CVE-2019-3585CONFIRM mcafee — virusscan_enterprise   Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages – Threat Alert Window when the Windows Login Screen is locked. 2020-06-10 not yet calculated CVE-2019-3588CONFIRM meetecho — janus-gateway   An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. 
janus_process_incoming_request in janus.c discloses information from uninitialized stack memory. 2020-06-10 not yet calculated CVE-2020-13899MISCCONFIRMMISC meetecho — janus-gateway   An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference. 2020-06-10 not yet calculated CVE-2020-13898MISCMISCCONFIRMMISC meetecho — janus-gateway   An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference. 2020-06-10 not yet calculated CVE-2020-13900MISCMISCCONFIRMMISC meetecho — janus-gateway   An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow. 2020-06-10 not yet calculated CVE-2020-13901MISCCONFIRMMISC micro_focus — arcsight_logger   Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all versions from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. 2020-06-12 not yet calculated CVE-2020-11839MISC microsoft — azure_devops_server_2019 A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka ‘Azure DevOps Server HTML Injection Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1327MISC microsoft — bing_search_for_android A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka ‘Microsoft Bing Search Spoofing Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1329MISC microsoft — chakracore_and_internet_explorer_11_and_edge_(edgehtml-based) A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’.
2020-06-09 not yet calculated CVE-2020-1219MISCMISC microsoft — edge_(chromium-based)   A spoofing vulnerability exists when the Microsoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka ‘Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1220MISC microsoft — internet_explorer_9_and_11 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka ‘Internet Explorer Information Disclosure Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1315MISC microsoft — internet_explorer_9_and_11   A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230. 2020-06-09 not yet calculated CVE-2020-1260MISC microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1225. 2020-06-09 not yet calculated CVE-2020-1226MISCMISC microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka ‘Microsoft Project Information Disclosure Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1322MISC microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka ‘Microsoft Office Remote Code Execution Vulnerability’.
2020-06-09 not yet calculated CVE-2020-1321MISC microsoft — multiple_products A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka ‘Microsoft Outlook Security Feature Bypass Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1229MISC microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1226. 2020-06-09 not yet calculated CVE-2020-1225MISCMISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka ‘Windows WalletService Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1294. 2020-06-09 not yet calculated CVE-2020-1287MISC microsoft — multiple_windows_products An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1261. 2020-06-09 not yet calculated CVE-2020-1263MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306. 2020-06-09 not yet calculated CVE-2020-1334MISC microsoft — multiple_windows_products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1236. 
2020-06-09 not yet calculated CVE-2020-1208MISC microsoft — multiple_windows_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1348MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka ‘Windows Print Configuration Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1196MISC microsoft — multiple_windows_products A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1301MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 not yet calculated CVE-2020-1269MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ‘Group Policy Elevation of Privilege Vulnerability’. 
2020-06-09 not yet calculated CVE-2020-1317MISC microsoft — multiple_windows_products A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver. The update addresses the vulnerability by correcting how Windows handles cabinet files, aka ‘Windows Remote Code Execution Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1300MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1312. 2020-06-09 not yet calculated CVE-2020-1302MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1271MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka ‘Windows Text Service Framework Elevation of Privilege Vulnerability’.
2020-06-09 not yet calculated CVE-2020-1314MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1291MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. 2020-06-09 not yet calculated CVE-2020-1282MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka ‘Windows WLAN Service Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1270MISC microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka ‘Component Object Model Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1311MISC microsoft — multiple_windows_products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka ‘LNK Remote Code Execution Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1299MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka ‘Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1203.
2020-06-09 not yet calculated CVE-2020-1202MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. 2020-06-09 not yet calculated CVE-2020-1262MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. 2020-06-09 not yet calculated CVE-2020-1231MISC microsoft — multiple_windows_products   A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka ‘Windows OLE Remote Code Execution Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1281MISCMISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312. 2020-06-09 not yet calculated CVE-2020-1272MISC microsoft — multiple_windows_products   An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka ‘Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1202.
2020-06-09 not yet calculated CVE-2020-1203MISC microsoft — nugetgallery A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka ‘NuGetGallery Spoofing Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1340MISC microsoft — sharepoint_enterprise_server_2013_and_2016_and_sharepoint_server_2019   An elevation of privilege vulnerability exists in Microsoft SharePoint, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1295MISC microsoft — sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013_and_sharepoint_server_2019 An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka ‘SharePoint Open Redirect Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1323MISC microsoft — system_center_2016_operations_manager A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka ‘System Center Operations Manager Spoofing Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1331MISC microsoft — visual_studio_code_live_share_extension   An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka ‘Visual Studio Code Live Share Information Disclosure Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1343MISC microsoft — windows_10   An elevation of privilege vulnerability exists when the Windows Feedback Hub improperly handles objects in memory, aka ‘Windows Feedback Hub Elevation of Privilege Vulnerability’.
2020-06-09 not yet calculated CVE-2020-1199MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1316. 2020-06-09 not yet calculated CVE-2020-1307MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka ‘Windows Update Orchestrator Service Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1313MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307. 2020-06-09 not yet calculated CVE-2020-1316MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1306, CVE-2020-1334. 
2020-06-09 not yet calculated CVE-2020-1304MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka ‘Windows Host Guardian Service Security Feature Bypass Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1259MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka ‘Windows Bluetooth Service Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1280MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka ‘Windows WalletService Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1287. 2020-06-09 not yet calculated CVE-2020-1294MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka ‘Windows Lockscreen Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1279MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’.
2020-06-09 not yet calculated CVE-2020-1234MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1263. 2020-06-09 not yet calculated CVE-2020-1261MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019 An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1222. 2020-06-09 not yet calculated CVE-2020-1309MISC microsoft — windows_10_and_windows_server_and_windows_server_2016_and_2019   An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1305MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1272, CVE-2020-1302, CVE-2020-1312.
2020-06-09 not yet calculated CVE-2020-1277MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka ‘Windows Shell Remote Code Execution Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1286MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1309. 2020-06-09 not yet calculated CVE-2020-1222MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1290MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka ‘Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1204MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka ‘Windows Diagnostics & feedback Information Disclosure Vulnerability’.
2020-06-09 not yet calculated CVE-2020-1296MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1162. 2020-06-09 not yet calculated CVE-2020-1324MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. 2020-06-09 not yet calculated CVE-2020-1233MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1334. 2020-06-09 not yet calculated CVE-2020-1306MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory, aka ‘Windows Now Playing Session Manager Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1201MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’.
This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1302. 2020-06-09 not yet calculated CVE-2020-1312MISC microsoft — windows_10_and_windows_server_and_windows_server_2019 An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka ‘OpenSSH for Windows Elevation of Privilege Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1292MISC microsoft — word_for_android A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file. The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files, aka ‘Word for Android Remote Code Execution Vulnerability’. 2020-06-09 not yet calculated CVE-2020-1223MISC mids_reborn_hero_designer — mids_reborn_hero_designer Mids’ Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer. 2020-06-11 not yet calculated CVE-2020-11614MISCMISC mids_reborn_hero_designer — mids_reborn_hero_designer   Mids’ Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.
2020-06-11 not yet calculated CVE-2020-11613MISCMISC mitel — micollab_awv   A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. 2020-06-10 not yet calculated CVE-2020-11798CONFIRMCONFIRM mitsubishi — melsec-iq-r_series_devices Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. 2020-06-10 not yet calculated CVE-2020-13238MISCCONFIRMMISC morgan_stanley — hobbes   In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. 2020-06-12 not yet calculated CVE-2020-13656MISC mosc — mosc   mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution. 2020-06-10 not yet calculated CVE-2020-7672MISC networkmanager — networkmanager   It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely. 2020-06-08 not yet calculated CVE-2020-10754CONFIRMFEDORA node-extend — node-extend   node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. 
User input provided to the argument `A` of `extend` function `(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution. 2020-06-10 not yet calculated CVE-2020-7673MISC ohler — agoo   agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. 2020-06-10 not yet calculated CVE-2020-7670MISCMISC open_connectivity_framework — universal_plug_and_play_protocol The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. 2020-06-08 not yet calculated CVE-2020-12695MISCMLISTMISCMISCMISCMISC openstack — cinder   An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the “connection_info” element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user’s volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint.
Source: OpenStack project 2020-06-10 not yet calculated CVE-2020-10755CONFIRMMISC p5-crypt-perl — p5-crypt-perl   Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail. 2020-06-07 not yet calculated CVE-2020-13895MISCMISC palo_alto_networks — globalprotect_app A race condition vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows. 2020-06-10 not yet calculated CVE-2020-2032MISC palo_alto_networks — globalprotect_app   When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the ‘pre-login’ user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.
2020-06-10 not yet calculated CVE-2020-2033MISC palo_alto_networks — pan-os An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7. 2020-06-10 not yet calculated CVE-2020-2028MISC palo_alto_networks — pan-os   A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7. 2020-06-10 not yet calculated CVE-2020-2027MISC palo_alto_networks — pan-os   An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. 2020-06-10 not yet calculated CVE-2020-2029MISC philips — intellibridge_enterprise   Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. 
The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files. 2020-06-11 not yet calculated CVE-2020-12023MISC phpmussel — phpmussel   phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP’s phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high. Newer phpMussel versions don’t use PHP’s phar wrapper, and are therefore unaffected. This has been fixed in version 1.6.0. 2020-06-10 not yet calculated CVE-2020-4043MISCMISCMISCCONFIRMMISC postrank_labs — goliath   goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. 2020-06-10 not yet calculated CVE-2020-7671MISCMISC pydio — cells_enterprise_ovf The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more. 
2020-06-11 not yet calculated CVE-2020-12850MISCMISCMISC qemu — qemu   An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. 2020-06-09 not yet calculated CVE-2020-10761CONFIRMMISC red_hat — openshift_api_server   A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. 2020-06-12 not yet calculated CVE-2020-10752CONFIRMCONFIRM red_hat — undertow A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the “Expect: 100-continue” header may cause an out of memory error. This flaw may potentially lead to a denial of service. 2020-06-10 not yet calculated CVE-2020-10705MISC redash — redash   Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the “JSON” data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc. 2020-06-11 not yet calculated CVE-2020-12725MISCMISCMISC sap — business_objects_business_intelligence_platform Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. 
2020-06-10 not yet calculated CVE-2020-6269MISCMISC sap — business_one   Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. 2020-06-10 not yet calculated CVE-2020-6239MISCMISC sap — commerce   SAP Commerce, versions – 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions – 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. 2020-06-09 not yet calculated CVE-2020-6265MISCMISC sap — commerce   SAP Commerce, versions – 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. 2020-06-10 not yet calculated CVE-2020-6264MISCMISC sap — erp   Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions – 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. 2020-06-10 not yet calculated CVE-2020-6268MISCMISC sap — fiori_for_sap_s4/hana   SAP Fiori for SAP S/4HANA, versions – 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. 2020-06-10 not yet calculated CVE-2020-6266MISCMISC sap — netweaver_as_abap   SAP NetWeaver AS ABAP (Banking Services), versions – 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. 
2020-06-10 not yet calculated CVE-2020-6270MISCMISC sap — netweaver_as_abap   SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable to a Server Side Request Forgery attack wherein an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is set up the attacker can compromise confidentiality, integrity and availability of the SAP database. 2020-06-10 not yet calculated CVE-2020-6275MISCMISC sap — netweaver_as_abap   SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. 2020-06-10 not yet calculated CVE-2020-6246MISCMISC sap — netweaver_as_java Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. 2020-06-10 not yet calculated CVE-2020-6263MISCMISC sap — solution_manager   SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). 2020-06-10 not yet calculated CVE-2020-6271MISCMISC sap — solution_manager   SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation.
The application shows additional data that do not actually exist. 2020-06-10 not yet calculated CVE-2020-6260MISCMISC sap — successfactors_recruiting OData APIs and JobApplicationInterview and JobApplication export permissions in SAP SuccessFactors Recruiting, version 2005, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2020-06-10 not yet calculated CVE-2020-6279MISCMISC secure_scaleable_scuttlebutt — ssb-db SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it’s decrypting any message that it can. This means that it is returning the decrypted content of private messages, which a malicious peer could use to get access to private data. This only affects peers running SSB-DB 20.0.0 who also have private messages, and is only known to be exploitable if you’re also running SSB-OOO (default in SSB-Server), which exposes a thin wrapper around get() to anonymous peers. This is fixed in version 20.0.1. Note that users of SSB-Server version 16.0.0 should upgrade to 16.0.1 to get the fixed version of SSB-DB. 2020-06-11 not yet calculated CVE-2020-4045MISCCONFIRM siemens — logo!   A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
2020-06-10 not yet calculated CVE-2020-7589MISCMISC siemens — multiple_devices   A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. 2020-06-10 not yet calculated CVE-2020-7585MISCMISC siemens — multiple_devices   A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS 7 (All versions), SIMATIC PCS neo (All versions), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) V14 (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER commissioning tool (All versions), SINAMICS Startdrive (All versions), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All versions), SINUMERIK Operate (All 
versions). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. 2020-06-10 not yet calculated CVE-2020-7580MISCMISC siemens — multiple_devices   A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. 2020-06-10 not yet calculated CVE-2020-7586MISCMISC sony — multiple_wireless_headphones   Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing. 2020-06-09 not yet calculated CVE-2020-5589MISCMISC sos — jobscheduler   A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user’s profile. 2020-06-11 not yet calculated CVE-2020-12712CONFIRMMISCMISC suse — xawtv   An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. 
To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. 2020-06-08 not yet calculated CVE-2020-13696SUSESUSECONFIRMMISCMISCMISCMISCMLIST synaptics — smart_audio_uwp_app   An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. 2020-06-09 not yet calculated CVE-2020-8337MISCMISC the_linux_foundation — indy_node   In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3. 2020-06-11 not yet calculated CVE-2020-11090MISCCONFIRMMISC tuple — access-policy   access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. 2020-06-10 not yet calculated CVE-2020-7674MISC viki_solutions — vera   The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. 2020-06-12 not yet calculated CVE-2019-15123MISCMISC vmware — spring_batch   When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known “deserialization gadgets”. 
Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch’s Jackson support is being leveraged to serialize a job’s ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown “deserialization gadgets” when enabling default typing. 2020-06-11 not yet calculated CVE-2020-5411CONFIRM wago — pfc200_devices   An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-06-11 not yet calculated CVE-2020-6090MISC wordpress — wordpress In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). 2020-06-12 not yet calculated CVE-2020-4047MISCCONFIRMMISC wordpress — wordpress   In affected versions of WordPress, misuse of the `set-screen-option` filter’s return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. 
This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). 2020-06-12 not yet calculated CVE-2020-4050MISCCONFIRMMISC wordpress — wordpress   In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). 2020-06-12 not yet calculated CVE-2020-4049MISCCONFIRMMISC wordpress — wordpress   In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). 2020-06-12 not yet calculated CVE-2020-4048MISCCONFIRMMISC wordpress — wordpress   In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). 
2020-06-12 not yet calculated CVE-2020-4046CONFIRMMISC zenphoto — zenphoto   Zenphoto versions prior to 1.5.7 allow an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file. 2020-06-11 not yet calculated CVE-2020-5593MISCMISC zenphoto — zenphoto   Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject arbitrary JavaScript via unspecified vectors. 2020-06-11 not yet calculated CVE-2020-5592MISCMISC zoho — manageengine_servicedesk_plus   Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. 2020-06-12 not yet calculated CVE-2020-14048MISCMISC

  • Vulnerability Summary for the Week of June 1, 2020
    by CISA on June 8, 2020 at 10:56 am

    Original release date: June 8, 2020 | Last revised: June 22, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info asus — aura_sync   Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. 2020-06-02 7.2 CVE-2019-17603MISC cisco — ios_xe_software   A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges. 2020-06-03 7.2 CVE-2020-3207CISCO cisco — ios_xe_software   A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. 
2020-06-03 7.2 CVE-2020-3214CISCO clearpass — policy_manager   The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. 2020-06-03 10 CVE-2020-7115MISC clearpass — policy_manager   The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. 2020-06-03 9 CVE-2020-7116MISC clearpass — policy_manager   The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. 2020-06-03 9 CVE-2020-7117MISC d-link — dir-865l_devices   D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. 2020-06-03 7.5 CVE-2020-13782MISC docker — engine   An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. 2020-06-02 7.5 CVE-2020-13401MISCMISCCONFIRM farsite — farlinx_x25_gateway   FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. 
2020-06-01 7.5 CVE-2014-7175MISC farsite — farlinx_x25_gateway   FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. 2020-06-01 7.5 CVE-2014-7173MISC fortinet — foritap-s/w2_and_fortiap-u   An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. 2020-06-01 8.5 CVE-2019-15709MISC foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. 2020-06-04 7.5 CVE-2019-20830CONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. 2020-05-29 7.5 CVE-2020-11038CONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. 2020-05-29 7.5 CVE-2020-11039CONFIRM gesio — erp   There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. 
2020-06-01 7.5 CVE-2020-8967CONFIRM github — enterprise_server   An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program. 2020-06-03 7.5 CVE-2020-10516MISCMISCMISC ibm — security_guardium   IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735. 2020-06-03 9 CVE-2020-4180XFCONFIRM ibm — security_guardium   IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. 2020-06-03 7.5 CVE-2020-4177XFCONFIRM micro_focus — service_management_automation   There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. 2020-05-29 7.5 CVE-2020-11844CONFIRM piwigo — lexiglot   admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. 2020-06-01 7.5 CVE-2014-8945MISC piwigo — lexiglot   Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. 
2020-06-01 7.5 CVE-2014-8941MISC qualcomm — multiple_snapdragon_products   Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 2020-06-02 7.2 CVE-2019-14054CONFIRM qualcomm — multiple_snapdragon_products   Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 2020-06-02 7.8 CVE-2020-3645CONFIRM qualcomm — multiple_snapdragon_products   NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130 2020-06-02 7.2 CVE-2020-3618CONFIRM qualcomm — multiple_snapdragon_products   When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130 2020-06-02 7.2 CVE-2020-3625CONFIRM qualcomm — multiple_snapdragon_products   Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130 2020-06-02 7.5 CVE-2020-3615CONFIRM qualcomm — multiple_snapdragon_products   Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, Rennell, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SXR2130 2020-06-02 7.2 CVE-2019-14066CONFIRM qualcomm — multiple_snapdragon_products   Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-06-02 10 CVE-2020-3633CONFIRM qualcomm — multiple_snapdragon_products   Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, 
MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-06-02 10 CVE-2020-3641CONFIRM qualcomm — multiple_snapdragon_products   Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150 2020-06-02 7.2 CVE-2020-3616CONFIRM qualcomm — multiple_snapdragon_products   Failure in buffer management while accessing handle for HDR blit when color modes not supported by display in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605 2020-06-02 7.2 CVE-2019-14087CONFIRM qualcomm — sm8250_and_sxr2130_devices   kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130 2020-06-02 7.2 CVE-2020-3623CONFIRM quickbox — quickbox_community_and_pro_editions   In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. 2020-06-01 9 CVE-2020-13695MISC quickbox — quickbox_community_and_pro_editions   In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. 
2020-06-01 9 CVE-2020-13694MISC quickbox — quickbox_community_and_pro_editions   QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. 2020-06-01 9 CVE-2020-13448MISCMISC rconfig — rconfig   rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. 2020-06-04 7.5 CVE-2020-10548MISC rconfig — rconfig   rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. 2020-06-04 7.5 CVE-2020-10549MISC rconfig — rconfig   rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. 2020-06-04 7.5 CVE-2020-10546MISC rconfig — rconfig   rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. 2020-06-04 7.5 CVE-2020-10547MISC sabberworm — php_css_parser   Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. 
2020-06-03 7.5 CVE-2020-13756MISCMISCMISCMISC samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020). 2020-06-04 7.5 CVE-2020-13832CONFIRM samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020). 2020-06-04 7.5 CVE-2020-13831CONFIRM swarco — cpu_ls4000_series   An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4… grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. 2020-05-29 10 CVE-2020-12493CONFIRM systemd — systemd   systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. 2020-06-03 10 CVE-2020-13776MISC verizon — serialize-javascript   serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function “deleteFunctions” within “index.js”. 2020-06-01 7.5 CVE-2020-7660MISC wordpress — wordpress   An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. 
2020-05-29 7.5 CVE-2020-13693MISCMISCMISCMISC

Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 2pisoftware — cmfive   system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. 2020-06-01 5 CVE-2014-9702MISC apache — ignite   Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access a filesystem. 2020-06-03 6.4 CVE-2020-1963MLISTMISCMLISTMLISTMLIST atlassian — companion_app   The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, to execute arbitrary .exe files via a Protection Mechanism Failure. 2020-06-01 6.5 CVE-2020-4020MISC atlassian — companion_app   The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app’s cmd.exe via an untrusted search path vulnerability. 2020-06-01 4.4 CVE-2020-4019MISC atlassian — fisheye_and_crucible   The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. 2020-06-01 5 CVE-2020-4016MISCMISC atlassian — fisheye_and_crucible   The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability.
2020-06-01 4 CVE-2020-4015MISCMISC atlassian — fisheye_and_crucible   The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. 2020-06-01 5 CVE-2020-4017MISCMISC atlassian — fisheye_and_crucible   The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user’s watching settings for a repository via an improper authorization vulnerability. 2020-06-01 4 CVE-2020-4014MISCMISC atlassian — fisheye_and_crucible   The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. 2020-06-01 4.3 CVE-2020-4023MISCMISC atlassian — fisheye_and_crucible   The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. 2020-06-01 6.8 CVE-2020-4018MISCMISC atlassian — navigator_links   The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. 2020-06-03 4 CVE-2020-4026MISCMISC bitrix — bitrix24   modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. 
2020-06-01 4.3 CVE-2020-13758MISC celluloid — reel   reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more. 2020-06-01 5 CVE-2020-7659MISC cisco — multiple_products   Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors. 2020-06-02 5 CVE-2020-10136CERT-VNMISCMISC cisco — prime_infrastructure   A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. 2020-06-03 6.4 CVE-2020-3339CISCO cisco — webex_network_recording_player_and_cisco_webex_player_for_microsoft_windows   A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. 
The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. 2020-06-03 4.3 CVE-2020-3322CISCO cisco — webex_network_recording_player_and_webex_player_for_microsoft_windows   A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. 2020-06-03 4.3 CVE-2020-3321CISCO compound — finance_compound_price_oracle   The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings. 2020-06-03 5 CVE-2019-20809MISC cybele — thinfinity_virtualUI   Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. 
The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. 2020-06-04 4.3 CVE-2019-16385MISC cybele — thinfinity_virtualui   Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions. 2020-06-04 4 CVE-2019-16384MISC d-link — dir-856l_devices   D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. 2020-06-03 6.8 CVE-2020-13786MISC d-link — dir-865l_devices   D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. 2020-06-03 5 CVE-2020-13787MISC d-link — dir-865l_devices   D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. 2020-06-03 5 CVE-2020-13785MISC d-link — dir-865l_devices   D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. 2020-06-03 5 CVE-2020-13784MISC d-link — dir-865l_devices   D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. 2020-06-03 5 CVE-2020-13783MISC django-project — django   An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. 2020-06-03 4.3 CVE-2020-13596MISCMISCCONFIRM django_project — django   An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. 2020-06-03 5 CVE-2020-13254MISCMISCCONFIRM elastic — elastic_app_search   Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. 
If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim’s web browser. 2020-06-03 4.3 CVE-2020-7011N/A elastic — elastic_cloud_on_kubernetes   Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK. 2020-06-03 5 CVE-2020-7010N/A elastic — kibana   Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. 2020-06-03 6.5 CVE-2020-7013N/A elastic — kibana   Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. 2020-06-03 6.5 CVE-2020-7012N/A farsite — farlinx_x25_gateway   FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. 2020-06-01 5 CVE-2014-7174MISC fastecdsa — fastecdsa   An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem.
There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail. 2020-06-02 5 CVE-2020-12607CONFIRMCONFIRMCONFIRMCONFIRM fortiguard — forticlient_for_windows   An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. 2020-06-01 4.6 CVE-2020-9291MISC foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. 2020-06-04 5 CVE-2019-20813CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. 2020-06-04 5 CVE-2019-20815CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. 2020-06-04 5 CVE-2019-20816CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. 2020-06-04 5 CVE-2019-20814CONFIRM foxit — phantompdf_mac_and_foxit_reader_for_mac   An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures. 2020-06-04 5 CVE-2020-13803CONFIRM foxit — reader_and_phantompdf An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. 2020-06-04 5 CVE-2019-20818CONFIRM foxit — reader_and_phantompdf An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. 2020-06-04 5 CVE-2019-20837CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.5. 
It has homograph mishandling. 2020-06-04 4.3 CVE-2019-20835CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. 2020-06-04 5 CVE-2019-20820CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. 2020-06-04 5 CVE-2020-13806CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. 2020-06-04 5 CVE-2020-13807CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. 2020-06-04 5 CVE-2020-13808CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. 2020-06-04 5 CVE-2020-13809CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. 2020-06-04 5 CVE-2019-20817CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. 2020-06-04 5 CVE-2019-20819CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. 2020-06-04 5 CVE-2020-13805CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. 
2020-06-04 5 CVE-2019-20828CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. 2020-06-04 5 CVE-2019-20829CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. 2020-06-04 5 CVE-2019-20836CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. 2020-06-04 6.8 CVE-2020-13804CONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, when running with logger set to “WLOG_TRACE”, a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. 2020-05-29 5 CVE-2020-11019CONFIRM freerdp — freerdp   In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. 2020-05-29 6.4 CVE-2020-11085MISCCONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. 2020-05-29 5.5 CVE-2020-11088MISCCONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. 2020-05-29 5.5 CVE-2020-11087MISCCONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. 
2020-05-29 5.5 CVE-2020-11086MISCCONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. 2020-05-29 5 CVE-2020-11043CONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. 2020-05-29 4 CVE-2020-11040CONFIRM freerdp — freerdp   In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, …). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. 2020-05-29 4 CVE-2020-11041CONFIRM freerdp — freerdp   In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. 2020-05-29 6.5 CVE-2020-11089MISCMISCCONFIRM google — chrome   Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6502MISCMISC google — chrome   Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 
2020-06-03 4.3 CVE-2020-6495MISCMISC google — chrome   Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6499MISCMISC google — chrome   Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6500MISCMISC google — chrome   Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-06-03 6.8 CVE-2020-6419MISCMISC google — chrome   Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6501MISCMISC google — chrome   Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-06-03 6.8 CVE-2020-6493MISCMISC google — chrome   Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-06-03 6.8 CVE-2020-6453MISCMISC google — chrome   Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-06-03 4.3 CVE-2011-2863MISC google — chrome   Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
2020-06-03 6.8 CVE-2011-1805MISC google — chrome   Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6504MISCMISC google — chrome_on_android   Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6494MISCMISC google — chrome_on_ios   Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2020-06-03 4.3 CVE-2020-6498MISCMISC google — chrome_on_ios   Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. 2020-06-03 4.3 CVE-2020-6497MISCMISC google — chrome_on_macos   Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-06-03 6.8 CVE-2020-6496MISCMISC grafana_labs — grafana   The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. 2020-06-03 5 CVE-2020-13379CONFIRMMISCMISCMISCCONFIRM grafana_labs — grafana   Grafana 5.3.1 has XSS via a link on the “Dashboard > All Panels > General” screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. 2020-06-02 4.3 CVE-2018-18625MISC grafana_labs — grafana   Grafana 5.3.1 has XSS via the “Dashboard > Text Panel” screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. 
2020-06-02 4.3 CVE-2018-18623MISC grafana_labs — grafana   Grafana 5.3.1 has XSS via a column style on the “Dashboard > Table Panel” screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. 2020-06-02 4.3 CVE-2018-18624MISC huawei — cloudengine_12800_products   CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. 2020-05-29 5 CVE-2020-1870CONFIRM huawei — e6878-370_products   E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code execution. 2020-05-29 5.8 CVE-2020-1832CONFIRM huawei — multiple_products   There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario. Affected product versions include: AR120-S versions V200R007C00SPC900, V200R007C00SPCa00 2020-06-01 4 MISC ibm — planning_analytics_local   IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. 
2020-06-02 4.3 CVE-2020-4366XFCONFIRM ibm — planning_analytics_local   IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. 2020-06-02 5 CVE-2020-4367XFCONFIRM ibm — planning_analytics_local   IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. 2020-06-02 4.3 CVE-2020-4503XFCONFIRM ibm — qradar_siem   IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. 2020-06-04 5.5 CVE-2020-4509XFCONFIRM ibm — security_guardium   IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738. 2020-06-03 4.3 CVE-2020-4182XFCONFIRM ibm — security_guardium   IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. 2020-06-03 4.6 CVE-2020-4190XFCONFIRM ibm — security_guardium   IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. 
2020-06-04 5 CVE-2020-4193XFCONFIRM ibm — security_guardium   IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. 2020-06-03 5 CVE-2020-4187XFCONFIRM ibm — security_guardium   IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739. 2020-06-04 4.3 CVE-2020-4183XFCONFIRM istio — istio   Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service. 2020-06-02 5 CVE-2020-10739CONFIRMMISCCONFIRM jenkins — jenkins Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. 2020-06-03 6.5 CVE-2020-2200MLISTCONFIRM jenkins — jenkins   Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. 
2020-06-03 4.3 CVE-2020-2199MLISTCONFIRM jenkins — jenkins   A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. 2020-06-03 4.3 CVE-2020-2192MLISTCONFIRM jenkins — jenkins   Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. 2020-06-03 4 CVE-2020-2191MLISTCONFIRM jenkins — jenkins   Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the ‘getConfigAsXML’ API URL when transmitting job config.xml data to users without Job/Configure. 2020-06-03 4 CVE-2020-2198MLISTCONFIRM jenkins — jenkins   Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. 2020-06-03 4 CVE-2020-2197MLISTCONFIRM jenkins — jenkins   Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. 2020-06-03 6 CVE-2020-2196MLISTCONFIRM joomla! — joomla!   In Joomla! before 3.9.19, lack of input validation in the heading tag option of the “Articles – Newsflash” and “Articles – Categories” modules allows XSS. 2020-06-02 4.3 CVE-2020-13761MISC joomla! — joomla!   In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. 2020-06-02 5 CVE-2020-13763MISC joomla! — joomla!   In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. 2020-06-02 6.8 CVE-2020-13760MISC joomla! — joomla!   In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. 
2020-06-02 4.3 CVE-2020-13762MISC kubernetes — containernetworking/plugins   A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. 2020-06-03 6 CVE-2020-10749CONFIRMMISC libjpeg-turbo — libjpeg-turbo   libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. 2020-06-03 5.8 CVE-2020-13790MISCMISC libvirt — libvirt   A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path; it was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. 2020-06-02 4 CVE-2020-10703REDHATCONFIRMCONFIRMCONFIRMCONFIRM linux — linux_kernel   go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. 2020-06-03 4.9 CVE-2019-20810MISCMISC linux — linux_kernel   An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. 2020-06-03 4.9 CVE-2019-20812MISCMISC mediawiki — mediawiki   resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. 
2020-06-02 5.8 CVE-2020-10959MISCMISCMISC mulesoft — mulesoft_ce/ee   A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. 2020-05-29 5 CVE-2020-6937CONFIRM naviwebs — navigate_cms An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. 2020-06-03 4.3 CVE-2020-13798MISC naviwebs — navigate_cms   An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. 2020-06-03 4.3 CVE-2020-13796MISC naviwebs — navigate_cms   An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. 2020-06-03 4.3 CVE-2020-13797MISC naviwebs — navigate_cms   An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. 2020-06-03 5 CVE-2020-13795MISCMISC october — october_cms   In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). 2020-06-03 4 CVE-2020-5296MISCCONFIRM october — october_cms   In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. 
Issue has been patched in Build 466 (v1.0.466). 2020-06-03 4 CVE-2020-5297MISCCONFIRM october — october_cms   In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). 2020-06-03 4 CVE-2020-5295MISCCONFIRM phplist — phplist   phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. 2020-06-04 4.3 CVE-2020-13827MISC pi-hole — pi-hole_web   Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. 2020-05-29 6.5 CVE-2020-8816CONFIRMMISCMISCMISCMISCMISC piwigo — lexiglot   Lexiglot through 2014-11-20 allows CSRF. 2020-06-01 6.8 CVE-2014-8942MISC piwigo — lexiglot   Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. 2020-06-01 5 CVE-2014-8937MISC piwigo — lexiglot   Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. 2020-06-01 4.3 CVE-2014-8939MISC piwigo — lexiglot   Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. 2020-06-01 5 CVE-2014-8940MISC piwigo — lexiglot   Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. 2020-06-01 6.5 CVE-2014-8943MISC playtube — playtube   PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. 
2020-06-03 4 CVE-2020-13792MISC python-rsa — python-rsa   Python-RSA 4.0 ignores leading ‘\0’ bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). 2020-06-01 5 CVE-2020-13757MISC qemu — qemu   address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. 2020-06-02 5 CVE-2020-13659CONFIRMMISC qemu — qemu   hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. 2020-06-02 4.6 CVE-2020-13754CONFIRMMISC qualcomm — multiple_snapdragon_products   A race condition can occur when using the fastrpc memory mapping API. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, QCS605, QM215, SA415M, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SXR1130 2020-06-02 6.9 CVE-2020-3680CONFIRM qualcomm — multiple_snapdragon_products   Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, Saipan, SC8180X, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-02 4.6 CVE-2020-3630CONFIRM qualcomm — multiple_snapdragon_products   
Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-06-02 4.6 CVE-2020-3610CONFIRM qualcomm — multiple_snapdragon_products   Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845 2020-06-02 4.6 CVE-2019-14078CONFIRM qualcomm — multiple_snapdragon_products   Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-06-02 4.6 CVE-2019-14077CONFIRM rust-vmm — vm-memory   rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a 
denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). 2020-06-02 5 CVE-2020-13759MISCMISCMISC samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). 2020-06-04 5 CVE-2020-13830CONFIRM samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). 2020-06-04 5 CVE-2020-13835CONFIRM samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). 2020-06-04 6.4 CVE-2020-13833CONFIRM samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). 2020-06-04 5 CVE-2020-13836CONFIRM samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020). 2020-06-04 5 CVE-2020-13834CONFIRM samsung — multiple_mobile_devices   An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020). 2020-06-04 5 CVE-2020-13829CONFIRM snyk — broker All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. 
It allows arbitrary file reads for users with access to Snyk’s internal network by creating symlinks to match whitelisted paths. 2020-05-29 4 CVE-2020-7653MISCMISC snyk — broker   All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. 2020-05-29 4.3 CVE-2020-7654MISCMISC snyk — broker   All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk’s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` 2020-05-29 4 CVE-2020-7648MISCMISC snyk — broker   All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal. 2020-05-29 4 CVE-2020-7652MISCMISC snyk — broker   All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk’s internal network of any files ending in the following extensions: yaml, yml or json. 2020-05-29 4 CVE-2020-7650MISCMISC snyk — broker   All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk’s internal network via patch history from GitHub Commits API. 2020-05-29 4 CVE-2020-7651MISCMISC sysax — multi_server   An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. 2020-06-02 5 CVE-2020-13227MISCMISCMISC sysax — multi_server   An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. 2020-06-02 4.3 CVE-2020-13228MISCMISCMISC sysax — multi_server   An issue was discovered in Sysax Multi Server 6.90. 
A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token. 2020-06-02 6.8 CVE-2020-13229MISCMISC upx — upx   p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment. 2020-06-01 4.3 CVE-2019-20805MISCMISC vmware — multiple_products   VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. 2020-05-29 6.9 CVE-2020-3957CONFIRM vmware — spring_cloud_config   Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. 2020-06-02 5 CVE-2020-5410CONFIRM websocket-extensions — websocket-extensions websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. 2020-06-02 5 CVE-2020-7663MISCMISCMISCMISC websocket-extensions — websocket-extensions websocket-extensions npm module prior to 1.0.4 allows Denial of Service (DoS) via Regex Backtracking. 
The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | 2020-06-02 | 5 | CVE-2020-7662 MISC MISC MISC MISC
wordpress — wordpress | common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | 2020-06-02 | 5 | CVE-2020-13764 MISC MISC
wordpress — wordpress | The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | 2020-06-02 | 4.3 | CVE-2019-11843 MISC MISC MISC
zimbra — zimbra | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a “Corrupt File” error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution. | 2020-06-03 | 6 | CVE-2020-12846 MISC CONFIRM MISC
znc — znc | ZNC 1.8.0 up to 1.8.1-rc1 allows attackers to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | 2020-06-02 | 4.3 | CVE-2020-13775 MISC CONFIRM
zoho — manageengine_opmanager | In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
2020-06-04 | 5 | CVE-2020-13818 MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — device_library_wizard | Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 2020-05-29 | 2.1 | CVE-2020-8482 CONFIRM
atlassian — fisheye_and_crucible | The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | 2020-06-01 | 3.5 | CVE-2020-4013 MISC MISC
atlassian — jira_server_and_data_center | Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | 2020-06-01 | 3.5 | CVE-2020-4021 MISC
avaya — ip_office | A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3. | 2020-06-04 | 2.1 | CVE-2020-7030 MISC CONFIRM
elastic — kibana | Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization. | 2020-06-03 | 3.5 | CVE-2020-7015 N/A
fortiguard — fortianalyzer | An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
2020-06-04 | 3.5 | CVE-2020-6640 MISC
huawei — honor_9x_smartphones | Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without unlock the phone. | 2020-05-29 | 2.1 | CVE-2020-1833 CONFIRM
huawei — mate_10_smartphones | HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. | 2020-05-29 | 2.1 | CVE-2020-1809 CONFIRM
huawei — mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function. | 2020-05-29 | 2.1 | CVE-2020-1797 CONFIRM
huawei — mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC. | 2020-05-29 | 1.9 | CVE-2020-1831 CONFIRM
ibm — planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.
2020-06-02 | 3.5 | CVE-2020-4360 XF CONFIRM
ibm — planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. | 2020-06-02 | 3.5 | CVE-2020-4431 XF CONFIRM
ibm — security_guardium | IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997. | 2020-06-03 | 3.3 | CVE-2020-4307 XF CONFIRM
ibm — security_guardium | IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | 2020-06-04 | 2.1 | CVE-2020-4191 XF CONFIRM
jenkins — jenkins | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | 2020-06-03 | 3.5 | CVE-2020-2195 MLIST CONFIRM
jenkins — jenkins | Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | 2020-06-03 | 3.5 | CVE-2020-2190 MLIST CONFIRM
jenkins — jenkins | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | 2020-06-03 | 3.5 | CVE-2020-2194 MLIST CONFIRM
jenkins — jenkins | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 2020-06-03 | 3.5 | CVE-2020-2193 MLIST CONFIRM
linux — linux_kernel | An issue was discovered in the Linux kernel before 5.0.6.
In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | 2020-06-03 | 2.1 | CVE-2019-20811 MISC MISC
october — october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 3.5 | CVE-2020-5298 MISC CONFIRM
piwigo — lexiglot | Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | 2020-06-01 | 3.5 | CVE-2014-8944 MISC
piwigo — lexiglot | Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
2020-06-01 | 2.1 | CVE-2014-8938 MISC
qualcomm — multiple_snapdragon_products | When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to a value that does not resolve to a valid XFRM mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4531, QCN7605, QCS605, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 3.6 | CVE-2019-14053 CONFIRM
qualcomm — multiple_snapdragon_products | Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24 | 2020-06-02 | 3.6 | CVE-2019-14038 CONFIRM
qualcomm — multiple_snapdragon_products | Out of bound read in adm call back function due to incorrect boundary check for payload in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20,
SDX24 | 2020-06-02 | 3.6 | CVE-2019-14039 CONFIRM
qualcomm — multiple_snapdragon_products | Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 2020-06-02 | 2.1 | CVE-2019-14067 CONFIRM
qualcomm — multiple_snapdragon_products | Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9650, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 3.6 | CVE-2019-14043 CONFIRM
qualcomm — multiple_snapdragon_products | Out of bound read in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta,
MDM9205, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 3.6 | CVE-2019-14042 CONFIRM
samsung — multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). | 2020-06-04 | 3.6 | CVE-2020-13837 CONFIRM
samsung — multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020). | 2020-06-04 | 3.6 | CVE-2020-13838 CONFIRM
sane — backends | A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1.0.29 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. | 2020-06-01 | 2.1 | CVE-2020-12867 CONFIRM CONFIRM
vmware — esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine’s vmx process leading to a denial of service condition. | 2020-05-29 | 2.1 | CVE-2020-3958 MISC CONFIRM
vmware — esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine’s vmx process leading to a partial denial of service.
2020-05-29 | 2.1 | CVE-2020-3959 CONFIRM
zte — ft680_router | ZTE’s PON terminal product is impacted by the access control vulnerability. Due to the system not performing correct access control on some program interfaces, an attacker could use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations. This affects: <ZTE F680><V9.0.10P1N6> | 2020-06-01 | 3.3 | CVE-2020-6868 MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — unomi | Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. | 2020-06-05 | not yet calculated | CVE-2020-11975 MISC
apple — multiple_products | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-05 | not yet calculated | CVE-2020-9859 MISC
athom — homey_and_homey_pro_devices | An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target’s Wi-Fi networks. | 2020-06-04 | not yet calculated | CVE-2020-9462 MISC
bitdefender — antivirus_free | A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
2020-06-05 | not yet calculated | CVE-2020-8103 CONFIRM
bludit — bludit | showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | 2020-06-06 | not yet calculated | CVE-2020-13889 MISC
castel — nextgen_dvr | Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account. | 2020-06-04 | not yet calculated | CVE-2020-11679 MISC FULLDISC MISC
castel — nextgen_dvr | Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed. | 2020-06-04 | not yet calculated | CVE-2020-11682 MISC FULLDISC MISC
castel — nextgen_dvr | Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials. | 2020-06-04 | not yet calculated | CVE-2020-11681 MISC FULLDISC MISC
castel — nextgen_dvr | Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.
2020-06-04 | not yet calculated | CVE-2020-11680 MISC FULLDISC MISC
cisco — 4300_series_integrated_services_routers_and_catalyst_9800-l_wireless_controllers | A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle. | 2020-06-03 | not yet calculated | CVE-2020-3220 CISCO
cisco — 809_and_829_industrial_services_routers | A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15. | 2020-06-03 | not yet calculated | CVE-2020-3208 CISCO
cisco — application_services_engine_software | A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations.
An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3335 CISCO
cisco — application_services_engine_software | A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3333 CISCO
cisco — asr_920_series_aggregation_service_router | A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2020-06-03 | not yet calculated | CVE-2020-3232 CISCO
cisco — catalyst-2960-l_series_switches_and_catalyst_cdp-8p_switches | A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled.
An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication. | 2020-06-03 | not yet calculated | CVE-2020-3231 CISCO
cisco — catalyst_4500_series_switches | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system. | 2020-06-03 | not yet calculated | CVE-2020-3235 CISCO
cisco — catalyst_9800_series_wireless_controllers | A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.
2020-06-03 | not yet calculated | CVE-2020-3221 CISCO
cisco — catalyst_9800_series_wireless_controllers | A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3203 CISCO
cisco — catalyst_9800_series_wireless_controllers | A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3206 CISCO
cisco — digital_network_architecture_center | A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials.
An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. | 2020-06-03 | not yet calculated | CVE-2020-3281 CISCO
cisco — identity_services_engine | A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3353 CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3201 CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter.
An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3204 CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2020-06-03 | not yet calculated | CVE-2020-3200 CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed. | 2020-06-03 | not yet calculated | CVE-2020-3230 CISCO
cisco — ios_xe_sd-wan_software | A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device.
The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3216 CISCO
cisco — ios_xe_software | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3225 CISCO
cisco — ios_xe_software | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system’s filesystem. | 2020-06-03 | not yet calculated | CVE-2020-3223 CISCO
cisco — ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization.
An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device. 2020-06-03 not yet calculated CVE-2020-3212CISCO cisco — ios_xe_software   A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device. 2020-06-03 not yet calculated CVE-2020-3219CISCO cisco — ios_xe_software   A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition. 2020-06-03 not yet calculated CVE-2020-3226CISCO cisco — ios_xe_software   A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. 
An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition. 2020-06-03 not yet calculated CVE-2020-3224CISCO cisco — ios_xe_software   A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. 2020-06-03 not yet calculated CVE-2020-3222CISCO cisco — ios_xe_software   A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. 
2020-06-03 not yet calculated CVE-2020-3209CISCO cisco — ios_xe_software   A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise. 2020-06-03 not yet calculated CVE-2020-3211CISCO cisco — ios_xe_software   A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device. 2020-06-03 not yet calculated CVE-2020-3215CISCO cisco — ios_xe_software   A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user. 
2020-06-03 not yet calculated CVE-2020-3213CISCO cisco — ios_xe_software   A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device. 2020-06-03 not yet calculated CVE-2020-3227CISCO cisco — ios_xe_software   A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device. 2020-06-03 not yet calculated CVE-2020-3218CISCO cisco — ios_xe_web_management_software   A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user. 
2020-06-03 not yet calculated CVE-2020-3229CISCO cisco — iox_application   A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx. 2020-06-03 not yet calculated CVE-2020-3238CISCO cisco — iox_application   A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. 2020-06-03 not yet calculated CVE-2020-3237CISCO cisco — iox_application_framework   A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based Local Manager interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a system settings tab. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. 2020-06-03 not yet calculated CVE-2020-3233CISCO cisco — multiple_products   A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition. 2020-06-03 not yet calculated CVE-2020-3217CISCO cisco — multiple_products   A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 
2020-06-03 not yet calculated CVE-2020-3228CISCO cisco — multiple_routers   Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2020-06-03 not yet calculated CVE-2020-3199CISCO cisco — multiple_routers   A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user. 2020-06-03 not yet calculated CVE-2020-3234CISCO cisco — multiple_routers   A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. 
An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. 2020-06-03 not yet calculated CVE-2020-3210CISCO cisco — multiple_routers   Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. 2020-06-03 not yet calculated CVE-2020-3198CISCO cisco — multiple_routers   A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory. 
2020-06-03 not yet calculated CVE-2020-3205CISCO cisco — multiple_routers   Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2020-06-03 not yet calculated CVE-2020-3257CISCO cisco — multiple_routers   Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. 2020-06-03 not yet calculated CVE-2020-3258CISCO cisco — unified_contact_center_express   A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. 
2020-06-03 not yet calculated CVE-2020-3267CISCO cisco — webex_network_recording_player_and_webex_player_for_microsoft_windows A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3. 2020-06-03 not yet calculated CVE-2020-3319CISCO combodo — itop In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4. 2020-06-05 not yet calculated CVE-2020-11697CONFIRMCONFIRM combodo — itop   In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4. 2020-06-05 not yet calculated CVE-2020-11696CONFIRMCONFIRM craft — craft_cms   An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. 
2020-06-05 not yet calculated CVE-2020-13869MISC craft — craft_cms   An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. 2020-06-05 not yet calculated CVE-2020-13870MISC craft — craft_cms   An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. 2020-06-05 not yet calculated CVE-2020-13868MISC docker — desktop   An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. 2020-06-05 not yet calculated CVE-2020-11492MISCMISC elastic — elasticsearch   The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. 2020-06-03 not yet calculated CVE-2020-7014N/A elliptic — elliptic   The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading ‘\0’ bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature. 2020-06-04 not yet calculated CVE-2020-13822MISCMISCMISCMISC fortiguard — forticlient_for_windows   Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. 
2020-06-04 not yet calculated CVE-2019-16150MISC fortiguard — fortisiem_windows_agent   An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. 2020-06-04 not yet calculated CVE-2020-9292MISC foxit — e-mail_advertising_system   An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. 2020-06-04 not yet calculated CVE-2018-21235CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. 2020-06-04 not yet calculated CVE-2019-20825CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling. 2020-06-04 not yet calculated CVE-2019-20832CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. 2020-06-04 not yet calculated CVE-2018-21237CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. 2020-06-04 not yet calculated CVE-2018-21242CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. 2020-06-04 not yet calculated CVE-2019-20824CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. 2020-06-04 not yet calculated CVE-2018-21241CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. 
2020-06-04 not yet calculated CVE-2018-21244CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures. 2020-06-04 not yet calculated CVE-2019-20834CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. 2020-06-04 not yet calculated CVE-2019-20823CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. 2020-06-04 not yet calculated CVE-2018-21243CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. 2020-06-04 not yet calculated CVE-2018-21238CONFIRM foxit — phantompdf   An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. 2020-06-04 not yet calculated CVE-2019-20833CONFIRM foxit — phantompdf_mac   An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference. 2020-06-04 not yet calculated CVE-2019-20821CONFIRM foxit — phantompdf_mac   An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. 2020-06-04 not yet calculated CVE-2019-20826CONFIRM foxit — phantompdf_mac_and_reader_for_mac   An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. 2020-06-04 not yet calculated CVE-2019-20827CONFIRM foxit — reader   An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. 
2020-06-04 not yet calculated CVE-2018-21236CONFIRM foxit — reader_and_phantompdf An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data. 2020-06-04 not yet calculated CVE-2019-20822CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. 2020-06-04 not yet calculated CVE-2018-21239CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. 2020-06-04 not yet calculated CVE-2018-21240CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. 2020-06-04 not yet calculated CVE-2020-13814CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. 2020-06-04 not yet calculated CVE-2020-13810CONFIRM foxit — reader_and_phantompdf   An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. 2020-06-04 not yet calculated CVE-2020-13815CONFIRM foxit — reader_and_phantompdf   An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash. 2020-06-04 not yet calculated CVE-2019-20831CONFIRM foxit — studio_photo An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. 2020-06-04 not yet calculated CVE-2020-13812CONFIRM foxit — studio_photo   An issue was discovered in Foxit Studio Photo before 3.6.6.922. 
It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. 2020-06-04 not yet calculated CVE-2020-13813CONFIRM foxit — studio_photo   An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file. 2020-06-04 not yet calculated CVE-2020-13811CONFIRM ge — multiple_grid_solutions_reason_rt_clocks   GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the ‘configuration’ user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system. 2020-06-02 not yet calculated CVE-2020-12017MISC gnutls — gnutls   GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. 2020-06-04 not yet calculated CVE-2020-13777CONFIRMFEDORADEBIAN google — chrome   Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
2020-06-03 not yet calculated CVE-2020-6503 MISC MISC

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| huawei — multiple_products | Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. | 2020-06-05 | not yet calculated | CVE-2020-1883 MISC |
| huawei — multiple_smartphones | Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. | 2020-06-05 | not yet calculated | CVE-2020-9074 MISC |
| ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | 2020-06-05 | not yet calculated | CVE-2020-4449 XF CONFIRM MISC |
| ibm — websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. | 2020-06-05 | not yet calculated | CVE-2020-4450 XF CONFIRM MISC |
| ibm — websphere_application_server_network_deployment | IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. | 2020-06-05 | not yet calculated | CVE-2020-4448 XF CONFIRM MISC |
| ibm — worklight/mobilefoundation | IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user’s session. IBM X-Force ID: 175211. | 2020-06-05 | not yet calculated | CVE-2020-4229 XF CONFIRM |
| kubernetes — kube-controller-manager | The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master’s host network (such as link-local or loopback services). | 2020-06-05 | not yet calculated | CVE-2020-8555 CONFIRM MLIST |
| lg — multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13841 CONFIRM |
| lg — multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13843 CONFIRM |
| lg — multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13839 CONFIRM |
| lg — multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13842 CONFIRM |
| lg — multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13840 CONFIRM |
| minishare — minishare | In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued. | 2020-06-04 | not yet calculated | CVE-2020-13768 MISC |
| mqtt — mqtt | The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe. | 2020-06-04 | not yet calculated | CVE-2020-13849 MISC MISC |
| neon — neon | The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | 2020-06-06 | not yet calculated | CVE-2020-13890 MISC |
| network_time_foundation — network_time_protocol | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim’s ntpd instance. | 2020-06-04 | not yet calculated | CVE-2020-13817 MISC MISC |
| nghttp2 — nghttp2 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | 2020-06-03 | not yet calculated | CVE-2020-11080 MISC MISC CONFIRM DEBIAN |
| nozbe — watermelondb | In WatermelonDB (NPM package “@nozbe/watermelondb”) before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable. This may happen in apps that don’t validate IDs (valid IDs are `/^[a-zA-Z0-9_-.]+$/`) and use Watermelon Sync or low-level `database.adapter.destroyDeletedRecords` method. The integrity risk is low due to the fact that maliciously deleted records won’t synchronize, so logout-login will restore all data, although some local changes may be lost if the malicious deletion causes the sync process to fail to proceed to push stage. No way to breach confidentiality with this vulnerability is known. Full exploitation of SQL Injection is mitigated, because it’s not possible to nest an insert/update query inside a delete query in SQLite, and it’s not possible to pass a semicolon-separated second query. There’s also no known practicable way to breach confidentiality by selectively deleting records, because those records will not be synchronized. It’s theoretically possible that selective record deletion could cause an app to behave insecurely if lack of a record is used to make security decisions by the app. This is patched in versions 0.15.1, 0.16.2, and 0.16.1-fix | 2020-06-03 | not yet calculated | CVE-2020-4035 MISC CONFIRM |
| october — october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | not yet calculated | CVE-2020-5299 MISC MISC CONFIRM |
| october — october_cms | The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that’s more restrictive. | 2020-06-04 | not yet calculated | CVE-2020-11094 MISC CONFIRM |
| open-iscsi — targetcli-fb | Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | 2020-06-05 | not yet calculated | CVE-2020-13867 MISC |
| pam_tacplus — pam_tacplus | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 2020-06-06 | not yet calculated | CVE-2020-13881 MISC MISC |
| perl — perl | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | 2020-06-05 | not yet calculated | CVE-2020-12723 CONFIRM CONFIRM CONFIRM MISC MISC |
| perl — perl | Perl before 5.30.3 has an integer overflow related to mishandling of a “PL_regkind[OP(n)] == NOTHING” situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | 2020-06-05 | not yet calculated | CVE-2020-10878 CONFIRM CONFIRM CONFIRM CONFIRM |
| perl — perl | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | 2020-06-05 | not yet calculated | CVE-2020-10543 CONFIRM CONFIRM CONFIRM |
| postgresql — jdbc_driver | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | 2020-06-04 | not yet calculated | CVE-2020-13692 CONFIRM CONFIRM |
| pupnp — pupnp | Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. | 2020-06-04 | not yet calculated | CVE-2020-13848 MISC MISC |
| pydio — cells | Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | 2020-06-04 | not yet calculated | CVE-2020-12853 MISC |
| pydio — cells | Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | 2020-06-04 | not yet calculated | CVE-2020-12851 MISC MISC |
| pydio — cells | The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”. | 2020-06-04 | not yet calculated | CVE-2020-12852 MISC MISC |
| pydio — cells | In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed. | 2020-06-05 | not yet calculated | CVE-2020-12848 MISC MISC |
| pydio — cells | Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | 2020-06-05 | not yet calculated | CVE-2020-12849 MISC MISC |
| pydio — cells | Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary. | 2020-06-04 | not yet calculated | CVE-2020-12847 MISC MISC |
| qemu — qemu | A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. | 2020-06-04 | not yet calculated | CVE-2020-10702 CONFIRM CONFIRM |
| qemu — qemu | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | 2020-06-04 | not yet calculated | CVE-2020-13800 MISC CONFIRM |
| qemu — qemu | rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | 2020-06-04 | not yet calculated | CVE-2020-13765 MISC CONFIRM |
| qemu — qemu | hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. | 2020-06-04 | not yet calculated | CVE-2020-13791 MISC CONFIRM |
| sqlite — sqlite | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | 2020-06-06 | not yet calculated | CVE-2020-13871 MISC MISC MISC |
| swift_networks — red_cheetah | In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL. | 2020-06-05 | not yet calculated | CVE-2020-13646 MISC |
| tigera — calico_and_calico_enterprise | Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod. | 2020-06-03 | not yet calculated | CVE-2020-13597 CONFIRM CONFIRM CONFIRM |
| url-regex — url-regex | all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service. | 2020-06-04 | not yet calculated | CVE-2020-7661 MISC MISC |
| weaveworks — weave_net | In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it’s pretty likely that ipv6 forwarding is disabled, ie /proc/sys/net/ipv6/conf//forwarding == 0. Also by default, /proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these 2 sysctls means that the host accepts router advertisements and configure the IPv6 stack using them. By sending rogue router advertisements, an attacker can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond. If by chance you also have on the host a vulnerability like last year’s RCE in apt (CVE-2019-3462), you can now escalate to the host. Weave Net version 2.6.3 disables the accept_ra option on the veth devices that it creates. | 2020-06-03 | not yet calculated | CVE-2020-11091 MISC CONFIRM |
| wordpress — worpdress | The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | 2020-06-05 | not yet calculated | CVE-2020-13864 MISC |
| wordpress — worpdress | The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | 2020-06-05 | not yet calculated | CVE-2020-13865 MISC |
| wso2 — multiple_products | In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. | 2020-06-06 | not yet calculated | CVE-2020-13883 MISC |
| xack — dns | XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver’s performance or compromising the recursive resolver as a reflector in a reflection attack. | 2020-06-05 | not yet calculated | CVE-2020-5591 MISC MISC |
| zephyrproject — zephyr | A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10063 MISC MISC MISC MISC MISC MISC |
| zephyrproject — zephyr | An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10062 MISC MISC MISC MISC |
| zephyrproject — zephyr | The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10071 MISC MISC MISC MISC |
| zephyrproject — zephyr | In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10070 MISC MISC MISC MISC |
| zephyrproject — zephyr | Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10061 MISC MISC MISC MISC MISC MISC |
| zephyrproject — zephyr | In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10068 MISC MISC MISC MISC MISC MISC |

This product is provided subject to this Notification and this Privacy & Use policy.


2 thoughts on “US National Cyber Awareness System Bulletins”

  1. If someone wants to be updated with the latest technologies then he must pay a quick visit to this website and be up to date all the time.

  2. It’s a pity you don’t have a donate button! I’d most certainly donate to this fantastic blog! I guess for now I’ll settle for book-marking and adding your RSS feed to my Google account.

    I look forward to new updates and will talk about this blog with my Facebook group. Talk soon!
