6-29 VB High, Medium, Low Tables

Released: Jun 29, 2020
Document ID: BA

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

qualcomm -- multiple_snapdragon_products
Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130
Published: 2020-06-22 | CVSS Score: 10 | CVE-2019-14062 | Source & Patch Info: CONFIRM, MISC

qualcomm -- snapdragon_consumer_iot
Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20
Published: 2020-06-22 | CVSS Score: 10 | CVE-2020-3628 | Source & Patch Info: CONFIRM, MISC

gitlab -- gitlab
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
Published: 2020-06-19 | CVSS Score: 7.8 | CVE-2020-13273 | Source & Patch Info: CONFIRM, MISC

conjur -- oss_helm_chart
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to:
  • No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace.
  • Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).
Published: 2020-06-22 | CVSS Score: 7.7 | CVE-2020-4062 | Source & Patch Info: MISC, CONFIRM
mattermost -- mattermost_desktop_app
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2016-11064 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2016-11074 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18885 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18888 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18900 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18908 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18912 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18915 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2017-18920 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2018-21251 | Source & Patch Info: CONFIRM
qualcomm -- multiple_snapdragon_products
Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2019-14073 | Source & Patch Info: CONFIRM, MISC

qualcomm -- multiple_snapdragon_products
Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2019-14080 | Source & Patch Info: CONFIRM, MISC

mattermost -- mattermost_desktop_app
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2019-20856 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2019-20881 | Source & Patch Info: CONFIRM

apache -- shiro
In Apache Shiro before 1.5.3, when Apache Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-11989 | Source & Patch Info: MISC

rtslib-fb -- rtslib-fb
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2020-14019 | Source & Patch Info: MISC
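The rtslib-fb entry above turns on a detail of the Python standard library that is easy to miss: shutil.copyfile writes only the file data, so a brand-new destination is created with the process umask (typically 0644), while shutil.copy additionally applies the source's mode bits. The following is an added example, not rtslib-fb's code: it reproduces the difference on a 0600 stand-in for /etc/target/saveconfig.json (the JSON content is a constructed placeholder) and shows the stricter alternative of creating the file with an explicit mode, which also covers the case where a world-readable copy already exists. The temporary directory and file names are assumptions of the example.

```python
import os
import shutil
import stat
import tempfile


def mode_of(path):
    """Return the permission bits of path as an int (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def compare_copy_modes(workdir=None):
    """Copy a 0600 file with shutil.copyfile and shutil.copy; return the resulting modes.

    The source stands in for /etc/target/saveconfig.json; its content is a
    constructed placeholder, not a real targetcli configuration.
    """
    saved_umask = os.umask(0o022)  # a typical default umask; restored below
    try:
        workdir = workdir or tempfile.mkdtemp(prefix="rtslib-demo-")
        src = os.path.join(workdir, "saveconfig.json")
        with open(src, "w") as fh:
            fh.write('{"storage_objects": [], "targets": []}\n')
        os.chmod(src, 0o600)

        via_copyfile = os.path.join(workdir, "backup-copyfile.json")
        via_copy = os.path.join(workdir, "backup-copy.json")

        # copyfile() writes only the data: a new destination is created with
        # 0666 & ~umask, i.e. 0644 here, so a private file becomes world-readable.
        shutil.copyfile(src, via_copyfile)
        # copy() writes the data and then applies the source's mode bits (copymode).
        shutil.copy(src, via_copy)

        return {
            "source": mode_of(src),
            "copyfile": mode_of(via_copyfile),
            "copy": mode_of(via_copy),
        }
    finally:
        os.umask(saved_umask)


def write_private_file(path, data):
    """Create or overwrite path so that it ends up 0600 regardless of umask or prior mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        # O_CREAT's mode only applies when the file is created; fchmod fixes a
        # pre-existing file that was already too permissive.
        os.fchmod(fd, 0o600)
        fh.write(data)
    return mode_of(path)


def private_write_demo(workdir=None):
    """Overwrite an existing 0644 file and return the mode write_private_file leaves behind."""
    workdir = workdir or tempfile.mkdtemp(prefix="rtslib-demo-")
    target = os.path.join(workdir, "saveconfig.json")
    with open(target, "w") as fh:
        fh.write("{}\n")
    os.chmod(target, 0o644)
    return write_private_file(target, b'{"targets": []}\n')


if __name__ == "__main__":
    print(compare_copy_modes())
    print(oct(private_write_demo()))
```

Note that shutil.copy preserves mode bits but not ownership, and neither shutil call protects a destination that already exists with a loose mode; when a file holds credentials, pinning the mode at creation is the dependable choice.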
mattermost -- mattermost_desktop_app
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2020-14456 | Source & Patch Info: CONFIRM

dmitry -- deepmagic_information_gathering_tool
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2020-14931 | Source & Patch Info: MISC

squirrelmail -- squirrelmail
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Published: 2020-06-20 | CVSS Score: 7.5 | CVE-2020-14932 | Source & Patch Info: MISC

squirrelmail -- squirrelmail
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.
Published: 2020-06-20 | CVSS Score: 7.5 | CVE-2020-14933 | Source & Patch Info: MISC

tendenci -- tendenci
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
Published: 2020-06-21 | CVSS Score: 7.5 | CVE-2020-14942 | Source & Patch Info: MISC
sourcecodester -- pisay_online_e-learning_system
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-14972 | Source & Patch Info: MISC, MISC

qualcomm -- multiple_snapdragon_products
Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-3614 | Source & Patch Info: CONFIRM, MISC

qualcomm -- multiple_snapdragon_products
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-3660 | Source & Patch Info: CONFIRM, MISC

qualcomm -- multiple_snapdragon_products
Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-3661 | Source & Patch Info: CONFIRM, MISC

qualcomm -- multiple_snapdragon_products
Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-3662 | Source & Patch Info: CONFIRM, MISC

qualcomm -- multiple_snapdragon_products
Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published: 2020-06-22 | CVSS Score: 7.5 | CVE-2020-3663 | Source & Patch Info: CONFIRM, MISC

mergeobjects -- mergeobjects
The mergeObjects utility function is susceptible to Prototype Pollution.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2020-7679 | Source & Patch Info: MISC, MISC, MISC

ruby_on_rails -- ruby_on_rails
A deserialization of untrusted data vulnerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.
Published: 2020-06-19 | CVSS Score: 7.5 | CVE-2020-8165 | Source & Patch Info: MISC, MISC, MLIST
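The Tendenci, SquirrelMail and Rails entries above are the same class of bug in three languages: request data is handed to a native deserializer (pickle, PHP unserialize, Ruby Marshal) that can reconstruct arbitrary objects, and object reconstruction can invoke code. The block below is an added example in Python, not code from any of those projects, showing the mechanism with pickle: a payload whose __reduce__ names a callable (os.getcwd is a harmless stand-in for os.system), the vulnerable loads() call, and an Unpickler whose find_class refuses every global not on an allowlist. The allowlist contents and the sample ticket payload are constructed for the example.

```python
import io
import os
import pickle


class Gadget:
    """Attacker-crafted object: its pickle tells the unpickler to call a chosen callable.

    os.getcwd stands in for os.system; the unpickler calls whatever __reduce__
    names, so only the attacker's restraint makes this harmless.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def make_payload():
    """Bytes an attacker would place in a request parameter; the Gadget class itself never travels."""
    return pickle.dumps(Gadget())


def unsafe_load(blob):
    """The vulnerable pattern: deserialize whatever the request carried."""
    return pickle.loads(blob)


# Globals the application is prepared to reconstruct; everything else is refused.
# Plain containers (dict, list, str, int, ...) need no global lookup at all.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    """Deny-by-default find_class: the only hook through which a pickle reaches code."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demonstrate():
    """Run both loaders on the gadget and on a plain-data payload; return what happened."""
    gadget = make_payload()
    executed = unsafe_load(gadget) == os.getcwd()  # the named callable ran during load
    try:
        safe_load(gadget)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    benign = pickle.dumps({"ticket_id": 42, "tags": {"printer", "urgent"}})  # constructed sample
    restored = safe_load(benign)
    return {"gadget_executed": executed, "gadget_blocked": blocked, "ticket_id": restored["ticket_id"]}


if __name__ == "__main__":
    print(demonstrate())
```

The allowlist is defense in depth rather than the primary fix: for data that crosses a trust boundary, a format that cannot express code (JSON, or a signed token whose signature is checked before parsing) removes the problem instead of filtering it.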
qualcomm -- multiple_snapdragon_products
Kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published: 2020-06-22 | CVSS Score: 7.2 | CVE-2019-10597 | Source & Patch Info: CONFIRM

qualcomm -- multiple_snapdragon_products
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130
Published: 2020-06-22 | CVSS Score: 7.2 | CVE-2019-14047 | Source & Patch Info: CONFIRM, MISC

qualcomm -- multiple_snapdragon_products
Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150
Published: 2020-06-22 | CVSS Score: 7.2 | CVE-2020-3613 | Source & Patch Info: CONFIRM, MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
Published: 2020-06-19 | CVSS Score: 6.8 | CVE-2019-20841 | Source & Patch Info: CONFIRM

mattermost -- mattermost_desktop_app
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
Published: 2020-06-19 | CVSS Score: 6.8 | CVE-2019-20861 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
Published: 2020-06-19 | CVSS Score: 6.8 | CVE-2019-20865 | Source & Patch Info: CONFIRM

woocommerce -- woocommerce
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
Published: 2020-06-19 | CVSS Score: 6.8 | CVE-2019-20891 | Source & Patch Info: MISC, MISC

nukeviet -- nukeviet
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
Published: 2020-06-23 | CVSS Score: 6.8 | CVE-2020-13155 | Source & Patch Info: MISC, MISC

information_builders -- webfocus_business_intelligence
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044.
Published: 2020-06-22 | CVSS Score: 6.8 | CVE-2020-14203 | Source & Patch Info: MISC

fortinet -- fortideceptor
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
Published: 2020-06-22 | CVSS Score: 6.8 | CVE-2020-6644 | Source & Patch Info: CONFIRM

bitdefender -- total_security_2020
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.
Published: 2020-06-22 | CVSS Score: 6.8 | CVE-2020-8102 | Source & Patch Info: MISC
mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
Published: 2020-06-19 | CVSS Score: 6.5 | CVE-2017-18886 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Published: 2020-06-19 | CVSS Score: 6.5 | CVE-2018-21263 | Source & Patch Info: CONFIRM

gitlab -- gitlab_community_and_enterprise_editions
An OAuth flow missing verification checks in GitLab CE/EE 12.3 and later through 13.0.1 allows an unverified user to use the OAuth authorization code flow.
Published: 2020-06-19 | CVSS Score: 6.5 | CVE-2020-13272 | Source & Patch Info: CONFIRM, MISC, MISC

aapanel -- aapanel
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Software Store.
Published: 2020-06-21 | CVSS Score: 6.5 | CVE-2020-14950 | Source & Patch Info: MISC

php-fusion -- php-fusion
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter.
Published: 2020-06-22 | CVSS Score: 6.5 | CVE-2020-14960 | Source & Patch Info: MISC, MISC, MISC

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
Published: 2020-06-19 | CVSS Score: 6.4 | CVE-2016-11072 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
Published: 2020-06-19 | CVSS Score: 6.4 | CVE-2017-18911 | Source & Patch Info: CONFIRM

qualcomm -- multiple_snapdragon_products
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published: 2020-06-22 | CVSS Score: 6.4 | CVE-2020-3658 | Source & Patch Info: CONFIRM, MISC
mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
Published: 2020-06-19 | CVSS Score: 5.8 | CVE-2017-18897 | Source & Patch Info: CONFIRM

information_builders -- webfocus_business_intelligence
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration.
Published: 2020-06-22 | CVSS Score: 5.8 | CVE-2020-14204 | Source & Patch Info: MISC

mattermost -- mattermost_desktop_app
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
Published: 2020-06-19 | CVSS Score: 5.8 | CVE-2020-14454 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover.
Published: 2020-06-19 | CVSS Score: 5.5 | CVE-2017-18894 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.
Published: 2020-06-19 | CVSS Score: 5.5 | CVE-2019-20876 | Source & Patch Info: CONFIRM

gitlab -- gitlab_enterprise_edition
A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1.
Published: 2020-06-19 | CVSS Score: 5.5 | CVE-2020-13275 | Source & Patch Info: CONFIRM, MISC, MISC

ec-cube -- ec-cube
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
Published: 2020-06-19 | CVSS Score: 5.5 | CVE-2020-5590 | Source & Patch Info: MISC, MISC, MISC

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
Published: 2020-06-19 | CVSS Score: 5.1 | CVE-2017-18903 | Source & Patch Info: CONFIRM
mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2015-9548 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11062 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11066 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11067 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11068 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11069 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11075 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2016-11076 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18871 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18887 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18895 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18896 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18898 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18899 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18901 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18902 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18905 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18914 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18916 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18917 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2017-18919 | Source & Patch Info: CONFIRM
mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2018-21248 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2018-21258 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20847 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20854 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20855 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20857 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20858 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20859 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20862 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20863 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20867 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20868 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20871 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20874 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20875 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20882 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20886 | Source & Patch Info: CONFIRM

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2019-20889 | Source & Patch Info: CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-13264 | Source & Patch Info: CONFIRM, MISC, MISC

gitlab -- gitlab_community_and_enterprise_editions
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-13265 | Source & Patch Info: CONFIRM, MISC, MISC

zyxel_armor -- zyxel_armor
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
Published: 2020-06-22 | CVSS Score: 5 | CVE-2020-14461 | Source & Patch Info: MISC

alpine -- alpine
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-14929 | Source & Patch Info: MISC, MLIST

ibm -- security_secret_server
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.
Published: 2020-06-24 | CVSS Score: 5 | CVE-2020-4327 | Source & Patch Info: XF, CONFIRM

ibm -- security_secret_server
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.
Published: 2020-06-24 | CVSS Score: 5 | CVE-2020-4341 | Source & Patch Info: XF, CONFIRM

ibm -- security_secret_server
IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182.
Published: 2020-06-24 | CVSS Score: 5 | CVE-2020-4342 | Source & Patch Info: XF, CONFIRM

ruby_on_rails -- ruby_on_rails
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-8162 | Source & Patch Info: MISC, MISC

ruby_on_rails -- ruby_on_rails
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow attacker-supplied information to be inadvertently leaked from Strong Parameters.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-8164 | Source & Patch Info: MISC, MISC, MLIST

rack -- rack
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-8184 | Source & Patch Info: MISC, MISC

apache -- archiva
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
Published: 2020-06-19 | CVSS Score: 5 | CVE-2020-9495 | Source & Patch Info: MISC, MLIST, MLIST, MLIST, MLIST, MLIST
qualcomm -- multiple_snapdragon_products
 
Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2019-14076
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR21302020-06-224.6CVE-2019-14091
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2019-14094
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3626
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3635
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3642
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM81502020-06-224.6CVE-2020-3665
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3676
CONFIRM
MISC
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.2020-06-194.3CVE-2016-11063
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.2020-06-194.3CVE-2016-11071
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.2020-06-194.3CVE-2016-11073
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.2020-06-194.3CVE-2016-11079
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.2020-06-194.3CVE-2016-11082
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.2020-06-194.3CVE-2016-11083
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.2020-06-194.3CVE-2016-11084
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.2020-06-194.3CVE-2017-18877
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.2020-06-194.3CVE-2017-18879
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.2020-06-194.3CVE-2017-18880
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.2020-06-194.3CVE-2017-18881
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.2020-06-194.3CVE-2017-18882
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.2020-06-194.3CVE-2017-18892
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.2020-06-194.3CVE-2017-18893
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.2020-06-194.3CVE-2017-18904
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.2020-06-194.3CVE-2017-18907
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.2020-06-194.3CVE-2017-18909
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.2020-06-194.3CVE-2017-18913
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.2020-06-194.3CVE-2017-18921
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.2020-06-194.3CVE-2018-21249
CONFIRM
redhat -- redhat
 
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.2020-06-224.3CVE-2019-3865
CONFIRM
nukeviet -- nukeviet
 
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.2020-06-234.3CVE-2020-13156
MISC
MISC
nukeviet -- nukeviet
 
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.2020-06-234.3CVE-2020-13157
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link2020-06-194.3CVE-2020-13262
CONFIRM
MISC
MISC
wordpress -- wordpress
 
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.2020-06-224.3CVE-2020-13426
MISC
MISC
MISC
MISC
MISC
MISC
MISC
EXPLOIT-DB
victor_cms -- victor_cms
 
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.2020-06-224.3CVE-2020-13427
MISC
MISC
information_builders -- webfocus_business_intelligence
 
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.2020-06-224.3CVE-2020-14202
MISC
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.2020-06-194.3CVE-2020-14455
CONFIRM
dolibarr -- dolibarr
 
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).2020-06-194.3CVE-2020-14475
MISC
bt_ctroms -- terminal_os_port_portal_ct-464
 
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.2020-06-194.3CVE-2020-14930
MISC
MISC
mutt -- mutt_and_neomutt
 
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."2020-06-214.3CVE-2020-14954
MISC
MISC
MISC
MISC
MISC
MISC
DEBIAN
DEBIAN
webtareas -- webtereas
 
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.2020-06-224.3CVE-2020-14973
MISC
MISC
sophos -- secure_email
 
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.2020-06-224.3CVE-2020-14980
MISC
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.2020-06-244.3CVE-2020-4322
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514.2020-06-244.3CVE-2020-4323
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988.2020-06-244.3CVE-2020-4413
XF
CONFIRM
ruby_on_rails -- ruby_on_rails
 
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.2020-06-194.3CVE-2020-8167
MISC
MISC
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.2020-06-194CVE-2016-11065
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.2020-06-194CVE-2016-11077
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.2020-06-194CVE-2016-11078
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.2020-06-194CVE-2016-11080
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.2020-06-194CVE-2016-11081
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.2020-06-194CVE-2017-18889
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.2020-06-194CVE-2017-18910
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.2020-06-194CVE-2017-18918
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.2020-06-194CVE-2018-21253
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.2020-06-194CVE-2018-21260
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.2020-06-194CVE-2019-20870
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.2020-06-194CVE-2019-20873
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.2020-06-194CVE-2019-20878
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.2020-06-194CVE-2019-20879
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.2020-06-194CVE-2019-20887
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.2020-06-194CVE-2019-20890
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.12020-06-194CVE-2020-13276
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.52020-06-194CVE-2020-13277
CONFIRM
MISC
MISC
strapi -- strapi
 
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.2020-06-194CVE-2020-13961
MISC
CONFIRM
CONFIRM
octopus -- deploy
 
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.2020-06-194CVE-2020-14470
MISC
gogs -- gogs
 
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.2020-06-214CVE-2020-14958
MISC
MISC

Low Vulnerabilities

Each entry lists:
Primary Vendor -- Product
Description
Published: date | CVSS Score: score | CVE ID | Source & Patch Info: reference types

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
Published: 2020-06-19 | CVSS Score: 3.5 | CVE-2016-11070 | Source & Patch Info: CONFIRM

kordil -- kordil_edms
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php.
Published: 2020-06-22 | CVSS Score: 3.5 | CVE-2020-13888 | Source & Patch Info: MISC, MISC

paessler -- prtg_network_monitor
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
Published: 2020-06-23 | CVSS Score: 3.5 | CVE-2020-14073 | Source & Patch Info: MISC, MISC

cms_made_simple -- cms_made_simple
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
Published: 2020-06-19 | CVSS Score: 3.5 | CVE-2020-14926 | Source & Patch Info: MISC

naviwebs -- navigate_cms
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
Published: 2020-06-19 | CVSS Score: 3.5 | CVE-2020-14927 | Source & Patch Info: MISC

global_radar -- bsa_radar
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
Published: 2020-06-22 | CVSS Score: 3.5 | CVE-2020-14943 | Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.
Published: 2020-06-22 | CVSS Score: 3.5 | CVE-2020-14959 | Source & Patch Info: MISC

wordpress -- wordpress
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.
Published: 2020-06-22 | CVSS Score: 3.5 | CVE-2020-14962 | Source & Patch Info: MISC

ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141.
Published: 2020-06-19 | CVSS Score: 3.5 | CVE-2020-4281 | Source & Patch Info: XF, CONFIRM

ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408.
Published: 2020-06-19 | CVSS Score: 3.5 | CVE-2020-4295 | Source & Patch Info: XF, CONFIRM

ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474.
Published: 2020-06-19 | CVSS Score: 3.5 | CVE-2020-4297 | Source & Patch Info: XF, CONFIRM

fortinet -- fortiwlc
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
Published: 2020-06-22 | CVSS Score: 3.5 | CVE-2020-9288 | Source & Patch Info: CONFIRM

qualcomm -- multiple_snapdragon_products
Payload size is not validated before reading memory, which may cause an invalid pointer or garbage data to be accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130
Published: 2020-06-22 | CVSS Score: 2.1 | CVE-2019-10626 | Source & Patch Info: CONFIRM

qualcomm -- multiple_snapdragon_products
System Services exports services without permission protection, which can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130
Published: 2020-06-22 | CVSS Score: 2.1 | CVE-2019-14092 | Source & Patch Info: CONFIRM, MISC

mattermost -- mattermost_server
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
Published: 2020-06-19 | CVSS Score: 2.1 | CVE-2019-20872 | Source & Patch Info: CONFIRM

linux_foundation -- jaeger
A sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
Published: 2020-06-19 | CVSS Score: 2.1 | CVE-2020-10750 | Source & Patch Info: CONFIRM, CONFIRM

vmware -- tools_for_macos
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.
Published: 2020-06-19 | CVSS Score: 2.1 | CVE-2020-3972 | Source & Patch Info: MISC

mcafee -- advanced_threat_defense
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
Published: 2020-06-22 | CVSS Score: 2.1 | CVE-2020-7262 | Source & Patch Info: CONFIRM
