May 18 VB: Severity not Assigned Tables
Released
May 18, 2020
Document ID
NA
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bond -- jetselect | The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | 2020-05-14 | not yet calculated | CVE-2019-13021 MISC |
| bond -- jetselect | Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers). | 2020-05-14 | not yet calculated | CVE-2019-13022 MISC |
| bond -- jetselect | An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | 2020-05-14 | not yet calculated | CVE-2019-13023 MISC |
| zoho -- manageengine_servicedesk_plus | Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page. | 2020-05-14 | not yet calculated | CVE-2019-15083 MISC MISC MISC MISC |
| apache -- cloudstack | A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond. | 2020-05-14 | not yet calculated | CVE-2019-17562 MISC |
| d-link -- dap-1360_devices | An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. | 2020-05-15 | not yet calculated | CVE-2019-18666 MISC MISC MISC |
| audiofile -- audiofile | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | 2020-05-15 | not yet calculated | CVE-2019-19721 MISC MISC MISC MISC |
| intelliants -- subrion_cms | An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. | 2020-05-15 | not yet calculated | CVE-2019-20389 MISC |
| intelliants -- subrion_cms | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. | 2020-05-15 | not yet calculated | CVE-2019-20390 MISC |
| mongodb -- mongodb | In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. | 2020-05-13 | not yet calculated | CVE-2019-2388 MISC |
| zhejiang_dahua_technology -- multiple_devices | Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method. | 2020-05-13 | not yet calculated | CVE-2019-9682 MISC |
| google -- android | In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265 | 2020-05-14 | not yet calculated | CVE-2020-0024 MISC |
| google -- android | An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 | 2020-05-14 | not yet calculated | CVE-2020-0064 MISC |
| google -- android | An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448 | 2020-05-14 | not yet calculated | CVE-2020-0065 MISC |
| google -- android | An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 | 2020-05-14 | not yet calculated | CVE-2020-0090 MISC |
| google -- android | In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | 2020-05-14 | not yet calculated | CVE-2020-0091 MISC |
| google -- android | In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 | 2020-05-14 | not yet calculated | CVE-2020-0092 MISC |
| google -- android | In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 | 2020-05-14 | not yet calculated | CVE-2020-0093 MLIST MISC |
| google -- android | In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871 | 2020-05-14 | not yet calculated | CVE-2020-0094 MISC |
| google -- android | In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 | 2020-05-14 | not yet calculated | CVE-2020-0096 MISC |
| google -- android | In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 | 2020-05-14 | not yet calculated | CVE-2020-0097 MISC |
| google -- android | In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 | 2020-05-14 | not yet calculated | CVE-2020-0100 MISC |
| zephyr -- zephyr_rtos | USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | 2020-05-11 | not yet calculated | CVE-2020-10019 MISC MISC MISC MISC MISC |
| opto_22 -- softpac_project | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. | 2020-05-14 | not yet calculated | CVE-2020-10620 MISC |
| fazecast -- jserialcomm | In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. | 2020-05-14 | not yet calculated | CVE-2020-10626 MISC |
| ansible -- engine | A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. | 2020-05-11 | not yet calculated | CVE-2020-10685 CONFIRM CONFIRM |
| ansible -- engine | An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. | 2020-05-15 | not yet calculated | CVE-2020-10744 CONFIRM |
| xwiki -- platform | In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0. | 2020-05-12 | not yet calculated | CVE-2020-11057 CONFIRM MISC MISC |
| slpjs -- slpjs | SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. | 2020-05-12 | not yet calculated | CVE-2020-11071 MISC CONFIRM |
| slpjs -- slpjs | In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additonally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071. | 2020-05-12 | not yet calculated | CVE-2020-11072 MISC CONFIRM |
| freerdp -- freerdp | libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | 2020-05-15 | not yet calculated | CVE-2020-11521 MISC CONFIRM CONFIRM |
| freerdp -- freerdp | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. | 2020-05-15 | not yet calculated | CVE-2020-11525 MISC CONFIRM CONFIRM CONFIRM |
| pulseaudio -- pulseaudio | An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; | 2020-05-15 | not yet calculated | CVE-2020-11931 MISC |
| ubuntu -- subiguity | It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | 2020-05-13 | not yet calculated | CVE-2020-11932 MISC |
| apache -- camel | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 is affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | 2020-05-14 | not yet calculated | CVE-2020-11971 MLIST MISC |
| apache -- camel | Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | 2020-05-14 | not yet calculated | CVE-2020-11972 MLIST MLIST MISC |
| apache -- camel | Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | 2020-05-14 | not yet calculated | CVE-2020-11973 MLIST MISC |
| 3s-smart_software_solutions -- codesys_development_system | An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. | 2020-05-14 | not yet calculated | CVE-2020-12068 MISC MISC |
| f5 -- nginx | NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass. | 2020-05-14 | not yet calculated | CVE-2020-12440 MISC MISC |
| securecrt -- securecrt | SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | 2020-05-15 | not yet calculated | CVE-2020-12651 MISC MISC CONFIRM MISC |
| progress -- moveit_automation_web_admin | An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. | 2020-05-14 | not yet calculated | CVE-2020-12677 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| interchange -- interchange | XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | 2020-05-15 | not yet calculated | CVE-2020-12685 MISC CONFIRM |
| wordpress -- wordpress | The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. | 2020-05-13 | not yet calculated | CVE-2020-12742 MISC MISC |
| ignite_realtime -- spark | An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) | 2020-05-12 | not yet calculated | CVE-2020-12772 MISC |
| cellebrite -- ufed | Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | 2020-05-15 | not yet calculated | CVE-2020-12798 MISC MISC MISC MISC MISC |
| eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). | 2020-05-15 | not yet calculated | CVE-2020-12834 MISC |
| yaws -- yaws | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. | 2020-05-15 | not yet calculated | CVE-2020-12872 MISC MISC MISC MISC |
| submitty -- submitty | Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | 2020-05-15 | not yet calculated | CVE-2020-12882 MISC |
| linux -- linux_kernel | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 2020-05-15 | not yet calculated | CVE-2020-12888 MISC MISC |
| misp -- misp-maltego | MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. | 2020-05-15 | not yet calculated | CVE-2020-12889 MISC |
| pandas -- pandas | pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. | 2020-05-15 | not yet calculated | CVE-2020-13091 MISC |
| scikit-learn -- scikit-learn | scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. | 2020-05-15 | not yet calculated | CVE-2020-13092 MISC |
| morita -- shogi | Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. | 2020-05-16 | not yet calculated | CVE-2020-13109 MISC MISC |
| kerberos -- kerberos | The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. | 2020-05-16 | not yet calculated | CVE-2020-13110 MISC MISC MISC MISC |
| naviserver -- naviserver | NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. | 2020-05-16 | not yet calculated | CVE-2020-13111 MISC MISC |
| mikrotik -- mikrotik-router-monitoring-system | An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. | 2020-05-16 | not yet calculated | CVE-2020-13118 MISC |
| submitty -- sumbitty | Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | 2020-05-16 | not yet calculated | CVE-2020-13121 MISC |
| red_hat -- jboss_keycloak | A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. | 2020-05-15 | not yet calculated | CVE-2020-1758 CONFIRM MISC |
| huawei -- multiple_devices | Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 with Versions earlier than 10.0.0.179(C636E3R4P3),Versions earlier than 10.0.0.180(C185E3R3P3),Versions earlier than 10.0.0.180(C432E10R3P4),Versions earlier than 10.0.0.188(C00E62R2P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.176(C00E60R2P11) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. | 2020-05-15 | not yet calculated | CVE-2020-1808 MISC |
| apache -- nuttx | The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected. | 2020-05-12 | not yet calculated | CVE-2020-1939 MISC |
| apache -- ant | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | 2020-05-14 | not yet calculated | CVE-2020-1945 MISC |
| apache -- flink | A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. | 2020-05-14 | not yet calculated | CVE-2020-1960 MISC |
| palo_alto_networks -- pan-os | A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | not yet calculated | CVE-2020-1994 CONFIRM |
| palo_alto_networks -- pan-os | A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. | 2020-05-13 | not yet calculated | CVE-2020-1996 CONFIRM |
| palo_alto_networks -- global_protect_agent | An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | 2020-05-13 | not yet calculated | CVE-2020-1997 CONFIRM |
| palo_alto_networks -- pan-os | An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. | 2020-05-13 | not yet calculated | CVE-2020-1998 CONFIRM |
| palo_alto_networks -- pan-os | An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0. | 2020-05-13 | not yet calculated | CVE-2020-2002 CONFIRM |
| palo_alto_networks -- pan-os | A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0; | 2020-05-13 | not yet calculated | CVE-2020-2013 CONFIRM |
| clamav -- clam_antivirus | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | 2020-05-13 | not yet calculated | CVE-2020-3327 CISCO |
| clamav -- clam_antivirus | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | 2020-05-13 | not yet calculated | CVE-2020-3341 CISCO |
| N/A -- N/A | Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | 2020-05-15 | not yet calculated | CVE-2020-3810 MISC MISC MISC MISC MISC |
| spring_security -- spring_security | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. | 2020-05-14 | not yet calculated | CVE-2020-5408 CONFIRM |
| pallet_control -- pallet_control | Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7 to 9.1 are not affected by this vulnerability, however under the environment where PLS Management Add-on Module is used, all versions are affected. | 2020-05-11 | not yet calculated | CVE-2020-5538 MISC MISC |
| sap -- business_client | SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | 2020-05-12 | not yet calculated | CVE-2020-6244 MISC MISC |
| alsong -- alsong | ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file. | 2020-05-15 | not yet calculated | CVE-2020-7809 MISC MISC |
| bitdefender -- bitdefender_engines | Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. | 2020-05-15 | not yet calculated | CVE-2020-8100 MISC |
| N/A -- N/A | Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | 2020-05-15 | not yet calculated | CVE-2020-8149 MISC |
| huawei -- p20_smartphones | Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function. | 2020-05-15 | not yet calculated | CVE-2020-9073 MISC |
| zhejiang_dahua_technology -- web_p2p | Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected. | 2020-05-13 | not yet calculated | CVE-2020-9501 MISC |
| zhejiang_dahua_technology -- multiple_products | Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. | 2020-05-13 | not yet calculated | CVE-2020-9502 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.