Jun 8 VB HIGH & MEDIUM TABLES
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
swarco -- cpu_ls4000_series | An open port used for debugging in SWARCO's CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. | 2020-05-29 | 10 | CVE-2020-12493 CONFIRM |
freedesktop -- systemd | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | 2020-06-03 | 10 | CVE-2020-13776 MISC |
qualcomm -- multiple_snapdragon_product | Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 10 | CVE-2020-3633 CONFIRM |
qualcomm -- multiple_snapdragon_product | Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 10 | CVE-2020-3641 CONFIRM |
clearpass -- policy_manager | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass, an attacker could then execute an exploit that would allow remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | 2020-06-03 | 10 | CVE-2020-7115 MISC |
quickbox -- community_edition | QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. | 2020-06-01 | 9 | CVE-2020-13448 MISC MISC |
quickbox -- community_edition | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. | 2020-06-01 | 9 | CVE-2020-13694 MISC |
quickbox -- community_edition | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | 2020-06-01 | 9 | CVE-2020-13695 MISC |
ibm -- security_guardium | IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735. | 2020-06-03 | 9 | CVE-2020-4180 XF CONFIRM |
clearpass -- policy_manager | The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | 2020-06-03 | 9 | CVE-2020-7116 MISC |
clearpass -- policy_manager | The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | 2020-06-03 | 9 | CVE-2020-7117 MISC |
fortinet -- ap-s/w2 | An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | 2020-06-01 | 8.5 | CVE-2019-15709 MISC |
qualcomm -- multiple_snapdragon_products | Firmware will hit assert in WLAN firmware if encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 2020-06-02 | 7.8 | CVE-2020-3645 CONFIRM |
farsite -- farlinx_x25_gateway | FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | 2020-06-01 | 7.5 | CVE-2014-7173 MISC |
farsite -- farlinx_x25_gateway | FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. | 2020-06-01 | 7.5 | CVE-2014-7175 MISC |
piwigo -- lexiglot | Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | 2020-06-01 | 7.5 | CVE-2014-8941 MISC |
piwigo -- lexiglot | admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | 2020-06-01 | 7.5 | CVE-2014-8945 MISC |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. | 2020-06-04 | 7.5 | CVE-2019-20830 CONFIRM |
github -- enterprise_server | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program. | 2020-06-03 | 7.5 | CVE-2020-10516 MISC MISC MISC |
rconfig -- rconfig | rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10546 MISC |
rconfig -- rconfig | rConfig 3.9.4 and previous versions have unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10547 MISC |
rconfig -- rconfig | rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10548 MISC |
rconfig -- rconfig | rConfig 3.9.4 and previous versions have unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10549 MISC |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | 2020-05-29 | 7.5 | CVE-2020-11038 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | 2020-05-29 | 7.5 | CVE-2020-11039 CONFIRM |
micro_focus -- service_management_automation | There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. | 2020-05-29 | 7.5 | CVE-2020-11844 CONFIRM |
docker -- engine | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | 2020-06-02 | 7.5 | CVE-2020-13401 MISC MISC CONFIRM |
wordpress -- wordpress | An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | 2020-05-29 | 7.5 | CVE-2020-13693 MISC MISC MISC MISC |
sabberworm -- php_css_parser | Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | 2020-06-03 | 7.5 | CVE-2020-13756 MISC MISC MISC MISC |
d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | 2020-06-03 | 7.5 | CVE-2020-13782 MISC |
samsung -- multiple_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020). | 2020-06-04 | 7.5 | CVE-2020-13831 CONFIRM |
samsung -- multiple_devices | An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure. The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020). | 2020-06-04 | 7.5 | CVE-2020-13832 CONFIRM |
qualcomm -- multiple_snapdragon_products | Valid deauth/disassoc frames are dropped if RMF is enabled and a rogue peer keeps sending rogue deauth/disassoc frames, due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130 | 2020-06-02 | 7.5 | CVE-2020-3615 CONFIRM |
ibm -- security_guardium | IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | 2020-06-03 | 7.5 | CVE-2020-4177 XF CONFIRM |
verizon -- serialize-javascript | serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". | 2020-06-01 | 7.5 | CVE-2020-7660 MISC |
gesio -- erp | There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. | 2020-06-01 | 7.5 | CVE-2020-8967 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 | 2020-06-02 | 7.2 | CVE-2019-14054 CONFIRM |
qualcomm -- multiple_snapdragon_products | Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, Rennell, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SXR2130 | 2020-06-02 | 7.2 | CVE-2019-14066 CONFIRM |
qualcomm -- multiple_snapdragon_products | Failure in buffer management while accessing handle for HDR blit when color modes not supported by display in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605 | 2020-06-02 | 7.2 | CVE-2019-14087 CONFIRM |
asus -- aura_sync | Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. | 2020-06-02 | 7.2 | CVE-2019-17603 MISC |
cisco -- ios_xe | A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges. | 2020-06-03 | 7.2 | CVE-2020-3207 CISCO |
cisco -- ios_xe | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. | 2020-06-03 | 7.2 | CVE-2020-3214 CISCO |
qualcomm -- multiple_snapdragon_product | Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150 | 2020-06-02 | 7.2 | CVE-2020-3616 CONFIRM |
qualcomm -- multiple_snapdragon_product | NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130 | 2020-06-02 | 7.2 | CVE-2020-3618 CONFIRM |
qualcomm -- snapdragon_mobile_devices_sm8250_and_sxr2130 | Kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130 | 2020-06-02 | 7.2 | CVE-2020-3623 CONFIRM |
qualcomm -- multiple_snapdragon_products | When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130 | 2020-06-02 | 7.2 | CVE-2020-3625 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
qualcomm -- multiple_snapdragon_products | A race condition can occur when using the fastrpc memory mapping API in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, QCS605, QM215, SA415M, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SXR1130 | 2020-06-02 | 6.9 | CVE-2020-3680 CONFIRM |
vmware -- multiple_products | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. | 2020-05-29 | 6.9 | CVE-2020-3957 CONFIRM |
google -- chrome | Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2011-1805 MISC |
piwigo -- lexiglot | Lexiglot through 2014-11-20 allows CSRF. | 2020-06-01 | 6.8 | CVE-2014-8942 MISC |
sysax -- multi_server | An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token. | 2020-06-02 | 6.8 | CVE-2020-13229 MISC MISC |
joomla! -- joomla! | In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. | 2020-06-02 | 6.8 | CVE-2020-13760 MISC |
d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | 2020-06-03 | 6.8 | CVE-2020-13786 MISC |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | 2020-06-04 | 6.8 | CVE-2020-13804 CONFIRM |
atlassian -- fisheye_and_crucible | The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | 2020-06-01 | 6.8 | CVE-2020-4018 MISC MISC |
google -- chrome | Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6419 MISC MISC |
google -- chrome | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6453 MISC MISC |
google -- chrome | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6493 MISC MISC |
google -- chrome | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6496 MISC MISC |
piwigo -- lexiglot | Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. | 2020-06-01 | 6.5 | CVE-2014-8943 MISC |
freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. | 2020-05-29 | 6.5 | CVE-2020-11089 MISC MISC CONFIRM |
jenkins -- play_framework_plugin | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | 2020-06-03 | 6.5 | CVE-2020-2200 MLIST CONFIRM |
atlassian -- companion_app | The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, to execute arbitrary .exe files via a Protection Mechanism Failure. | 2020-06-01 | 6.5 | CVE-2020-4020 MISC |
elasticsearch -- kibana | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. | 2020-06-03 | 6.5 | CVE-2020-7012 N/A |
elasticsearch -- kibana | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. | 2020-06-03 | 6.5 | CVE-2020-7013 N/A |
pi-hole -- pi-hole | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 2020-05-29 | 6.5 | CVE-2020-8816 CONFIRM MISC MISC MISC MISC MISC |
freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. | 2020-05-29 | 6.4 | CVE-2020-11085 MISC CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). | 2020-06-04 | 6.4 | CVE-2020-13833 CONFIRM |
apache -- ignite | Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access a filesystem. | 2020-06-03 | 6.4 | CVE-2020-1963 MLIST MISC MLIST MLIST MLIST |
cisco -- prime_infrastructure | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | 2020-06-03 | 6.4 | CVE-2020-3339 CISCO |
red_hat -- containernetworking | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. | 2020-06-03 | 6 | CVE-2020-10749 CONFIRM MISC |
zimbra -- zimbra | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution. | 2020-06-03 | 6 | CVE-2020-12846 MISC CONFIRM MISC |
jenkins -- selenium_plugin | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 2020-06-03 | 6 | CVE-2020-2196 MLIST CONFIRM |
mediawiki -- mediawiki | resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | 2020-06-02 | 5.8 | CVE-2020-10959 MISC MISC MISC |
libjpeg-turbo -- libjpeg-turbo | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | 2020-06-03 | 5.8 | CVE-2020-13790 MISC MISC |
huawei -- e6878-370_products | E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message; a successful exploit could lead to a stack buffer overflow, which may cause malicious code execution. | 2020-05-29 | 5.8 | CVE-2020-1832 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. | 2020-05-29 | 5.5 | CVE-2020-11086 MISC CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. | 2020-05-29 | 5.5 | CVE-2020-11087 MISC CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. | 2020-05-29 | 5.5 | CVE-2020-11088 MISC CONFIRM |
ibm -- qradar_siem | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. | 2020-06-04 | 5.5 | CVE-2020-4509 XF CONFIRM |
farsite -- farlinx_x25_gateway | FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. | 2020-06-01 | 5 | CVE-2014-7174 MISC |
piwigo -- lexiglot | Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | 2020-06-01 | 5 | CVE-2014-8937 MISC |
piwigo -- lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. | 2020-06-01 | 5 | CVE-2014-8940 MISC |
2pisoftware -- cmfive | system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | 2020-06-01 | 5 | CVE-2014-9702 MISC |
compound -- finance_compound_price_oracle | The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings. | 2020-06-03 | 5 | CVE-2019-20809 MISC |
foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20813 CONFIRM |
foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. | 2020-06-04 | 5 | CVE-2019-20814 CONFIRM |
foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | 2020-06-04 | 5 | CVE-2019-20815 CONFIRM |
foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20816 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20817 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. | 2020-06-04 | 5 | CVE-2019-20818 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. | 2020-06-04 | 5 | CVE-2019-20819 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20820 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. | 2020-06-04 | 5 | CVE-2019-20828 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | 2020-06-04 | 5 | CVE-2019-20829 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. | 2020-06-04 | 5 | CVE-2019-20836 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. | 2020-06-04 | 5 | CVE-2019-20837 CONFIRM |
cisco -- multiple_products | Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors. | 2020-06-02 | 5 | CVE-2020-10136 CERT-VN MISC MISC |
istio -- istio | Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service. | 2020-06-02 | 5 | CVE-2020-10739 CONFIRM MISC CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | 2020-05-29 | 5 | CVE-2020-11019 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. | 2020-05-29 | 5 | CVE-2020-11043 CONFIRM |
openbsd -- openssh | ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances." | 2020-06-01 | 5 | CVE-2020-12062 MISC MISC MISC MISC |
fastecdsa -- fastecdsa | An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail. | 2020-06-02 | 5 | CVE-2020-12607 CONFIRM CONFIRM CONFIRM CONFIRM |
sysax -- multi_server | An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. | 2020-06-02 | 5 | CVE-2020-13227 MISC MISC MISC |
django_project -- django | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | 2020-06-03 | 5 | CVE-2020-13254 MISC MISC CONFIRM |
grafana_labs -- grafana | The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. | 2020-06-03 | 5 | CVE-2020-13379 CONFIRM MISC MISC MISC CONFIRM |
qemu -- qemu | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | 2020-06-02 | 5 | CVE-2020-13659 CONFIRM MISC |
python-rsa -- python-rsa | Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | 2020-06-01 | 5 | CVE-2020-13757 MISC |
rust-vmm -- vm-memory | rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). | 2020-06-02 | 5 | CVE-2020-13759 MISC MISC MISC |
joomla! -- joomla! | In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | 2020-06-02 | 5 | CVE-2020-13763 MISC |
rocketgenius -- gravity_forms | common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | 2020-06-02 | 5 | CVE-2020-13764 MISC MISC |
d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | 2020-06-03 | 5 | CVE-2020-13783 MISC |
d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | 2020-06-03 | 5 | CVE-2020-13784 MISC |
d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | 2020-06-03 | 5 | CVE-2020-13785 MISC |
d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | 2020-06-03 | 5 | CVE-2020-13787 MISC |
naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. | 2020-06-03 | 5 | CVE-2020-13795 MISC MISC |
foxit -- phantompdf_mac_and_foxit_reader_for_mac | An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures. | 2020-06-04 | 5 | CVE-2020-13803 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | 2020-06-04 | 5 | CVE-2020-13805 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. | 2020-06-04 | 5 | CVE-2020-13806 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. | 2020-06-04 | 5 | CVE-2020-13807 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. | 2020-06-04 | 5 | CVE-2020-13808 CONFIRM |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. | 2020-06-04 | 5 | CVE-2020-13809 CONFIRM |
zoho -- manageengine_opmanager | In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. | 2020-06-04 | 5 | CVE-2020-13818 MISC |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020). | 2020-06-04 | 5 | CVE-2020-13829 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). | 2020-06-04 | 5 | CVE-2020-13830 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020). | 2020-06-04 | 5 | CVE-2020-13834 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | 2020-06-04 | 5 | CVE-2020-13835 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). | 2020-06-04 | 5 | CVE-2020-13836 CONFIRM |
huawei -- cloudengine_12800_products | CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. | 2020-05-29 | 5 | CVE-2020-1870 CONFIRM |
atlassian -- fisheye_and_crucible | The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | 2020-06-01 | 5 | CVE-2020-4016 MISC MISC |
atlassian -- fisheye_and_crucible | The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | 2020-06-01 | 5 | CVE-2020-4017 MISC MISC |
ibm -- security_guardium | IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. | 2020-06-03 | 5 | CVE-2020-4187 XF CONFIRM |
ibm -- security_guardium | IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | 2020-06-04 | 5 | CVE-2020-4193 XF CONFIRM |
ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. | 2020-06-02 | 5 | CVE-2020-4367 XF CONFIRM |
vmware -- spring_cloud_config | Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | 2020-06-02 | 5 | CVE-2020-5410 CONFIRM |
mulesoft -- mulesoft_ce/ee | A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. | 2020-05-29 | 5 | CVE-2020-6937 CONFIRM |
elastic_cloud -- kubernetes | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK. | 2020-06-03 | 5 | CVE-2020-7010 N/A |
celluloid -- reel | reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more. | 2020-06-01 | 5 | CVE-2020-7659 MISC |
regex -- regex | websocket-extensions npm module prior to 1.0.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | 2020-06-02 | 5 | CVE-2020-7662 MISC MISC MISC MISC |
regex -- regex | websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | 2020-06-02 | 5 | CVE-2020-7663 MISC MISC MISC MISC |
linux -- linux_kernel | go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. | 2020-06-03 | 4.9 | CVE-2019-20810 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. | 2020-06-03 | 4.9 | CVE-2019-20812 MISC MISC |
qualcomm -- multiple_snapdragon_products | Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 4.6 | CVE-2019-14077 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound memory access while processing qpay due to not validating length of the response buffer provided by user in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845 | 2020-06-02 | 4.6 | CVE-2019-14078 CONFIRM |
qemu -- qemu | hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. | 2020-06-02 | 4.6 | CVE-2020-13754 CONFIRM MISC |
qualcomm -- multiple_snapdragon_products | Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 4.6 | CVE-2020-3610 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, Saipan, SC8180X, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 4.6 | CVE-2020-3630 CONFIRM |
ibm -- security_guardium | IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. | 2020-06-03 | 4.6 | CVE-2020-4190 XF CONFIRM |
forticlient -- forticlient | An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | 2020-06-01 | 4.6 | CVE-2020-9291 MISC |
atlassian -- companion_app | The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via an untrusted search path vulnerability. | 2020-06-01 | 4.4 | CVE-2020-4019 MISC |
google -- chrome | Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2011-2863 MISC |
piwigo -- lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. | 2020-06-01 | 4.3 | CVE-2014-8939 MISC |
grafana_labs -- grafana | Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 2020-06-02 | 4.3 | CVE-2018-18623 MISC |
grafana_labs -- grafana | Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 2020-06-02 | 4.3 | CVE-2018-18624 MISC |
grafana_labs -- grafana | Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 2020-06-02 | 4.3 | CVE-2018-18625 MISC |
wordpress -- wordpress | The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | 2020-06-02 | 4.3 | CVE-2019-11843 MISC MISC MISC |
cybele -- thinfinity_virtualui | Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. | 2020-06-04 | 4.3 | CVE-2019-16385 MISC |
upx -- upx | p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment. | 2020-06-01 | 4.3 | CVE-2019-20805 MISC MISC |
foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. | 2020-06-04 | 4.3 | CVE-2019-20835 CONFIRM |
sysax -- multi_server | An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | 2020-06-02 | 4.3 | CVE-2020-13228 MISC MISC MISC |
django -- django | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | 2020-06-03 | 4.3 | CVE-2020-13596 MISC MISC CONFIRM |
bitrix -- bitrix24 | modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. | 2020-06-01 | 4.3 | CVE-2020-13758 MISC |
joomla! -- joomla! | In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. | 2020-06-02 | 4.3 | CVE-2020-13761 MISC |
joomla! -- joomla! | In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. | 2020-06-02 | 4.3 | CVE-2020-13762 MISC |
znc -- znc | ZNC 1.8.0 up to 1.8.1-rc1 allows attackers to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | 2020-06-02 | 4.3 | CVE-2020-13775 MISC CONFIRM |
naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. | 2020-06-03 | 4.3 | CVE-2020-13796 MISC |
naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | 2020-06-03 | 4.3 | CVE-2020-13797 MISC |
naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | 2020-06-03 | 4.3 | CVE-2020-13798 MISC |
phplist -- phplist | phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 2020-06-04 | 4.3 | CVE-2020-13827 MISC |
jenkins -- self-organizing_swarm | A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 2020-06-03 | 4.3 | CVE-2020-2192 MLIST CONFIRM |
jenkins -- subversion_partial_release_manager | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 2020-06-03 | 4.3 | CVE-2020-2199 MLIST CONFIRM |
cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. | 2020-06-03 | 4.3 | CVE-2020-3321 CISCO |
cisco -- webex_network_recording_player_and_cisco_webex_player_for_microsoft_windows | A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. | 2020-06-03 | 4.3 | CVE-2020-3322 CISCO |
atlassian -- fisheye_and_crucible | The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | 2020-06-01 | 4.3 | CVE-2020-4023 MISC MISC |
ibm -- security_guardium | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738. | 2020-06-03 | 4.3 | CVE-2020-4182 XF CONFIRM |
ibm -- security_guardium | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739. | 2020-06-04 | 4.3 | CVE-2020-4183 XF CONFIRM |
ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. | 2020-06-02 | 4.3 | CVE-2020-4366 XF CONFIRM |
ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. | 2020-06-02 | 4.3 | CVE-2020-4503 XF CONFIRM |
google -- chrome | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6494 MISC MISC |
google -- chrome | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-06-03 | 4.3 | CVE-2020-6495 MISC MISC |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | 2020-06-03 | 4.3 | CVE-2020-6497 MISC MISC |
google -- chrome | Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6498 MISC MISC |
google -- chrome | Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6499 MISC MISC |
google -- chrome | Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6500 MISC MISC |
google -- chrome | Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6501 MISC MISC |
google -- chrome | Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6502 MISC MISC |
google -- chrome | Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6504 MISC MISC |
elastic -- elastic_app_search | Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim's web browser. | 2020-06-03 | 4.3 | CVE-2020-7011 N/A |
snyk -- broker | All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | 2020-05-29 | 4.3 | CVE-2020-7654 MISC MISC |
cybele -- thinfinity_virtualui | Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions. | 2020-06-04 | 4 | CVE-2019-16384 MISC |
red_hat -- libvirt | A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. The flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. | 2020-06-02 | 4 | CVE-2020-10703 REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | 2020-05-29 | 4 | CVE-2020-11040 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. | 2020-05-29 | 4 | CVE-2020-11041 CONFIRM |
playtube -- playtube | PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. | 2020-06-03 | 4 | CVE-2020-13792 MISC |
jenkins -- self-organizing_swarm | Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 2020-06-03 | 4 | CVE-2020-2191 MLIST CONFIRM |
jenkins -- project_inheritance | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | 2020-06-03 | 4 | CVE-2020-2197 MLIST CONFIRM |
jenkins -- project_inheritance | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 2020-06-03 | 4 | CVE-2020-2198 MLIST CONFIRM |
atlassian -- fisheye_and_crucible | The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | 2020-06-01 | 4 | CVE-2020-4014 MISC MISC |
atlassian -- fisheye_and_crucible | The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability. | 2020-06-01 | 4 | CVE-2020-4015 MISC MISC |
atlassian -- navigator_links | The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | 2020-06-03 | 4 | CVE-2020-4026 MISC MISC |
octobercms -- october | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 4 | CVE-2020-5295 MISC CONFIRM |
octobercms -- october | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 4 | CVE-2020-5296 MISC CONFIRM |
octobercms -- october | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 4 | CVE-2020-5297 MISC CONFIRM |
snyk -- broker | All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` | 2020-05-29 | 4 | CVE-2020-7648 MISC MISC |
snyk -- broker | All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json. | 2020-05-29 | 4 | CVE-2020-7650 MISC MISC |
snyk -- broker | All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | 2020-05-29 | 4 | CVE-2020-7651 MISC MISC |
snyk -- broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | 2020-05-29 | 4 | CVE-2020-7652 MISC MISC |
snyk -- broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | 2020-05-29 | 4 | CVE-2020-7653 MISC MISC |
huawei -- multiple_products | There is an out-of-bounds read vulnerability of a few bytes in some Huawei products. The software reads data past the end of the intended buffer when parsing certain messages. An authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploitation may cause abnormal service in specific scenarios. Affected product versions include: AR120-S versions V200R007C00SPC900, V200R007C00SPCa00 | 2020-06-01 | 4 | MISC |