Working VB SEVERITY NOT ASSIGNED Table

Released
Mar 30, 2020
Document ID
SB20-090

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

Severity Not Yet Assigned

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
lenovo -- bios
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | 2020-03-27 | not yet calculated | CVE-2015-5684
MISC
lenovo -- system_update
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7333
MISC
lenovo -- system_update
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7334
MISC
lenovo -- system_update
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7335
MISC
lenovo -- system_update
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | 2020-03-27 | not yet calculated | CVE-2015-7336
MISC
lenovo -- solution_center
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-8534
MISC
lenovo -- solution_center
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-8535
MISC
lenovo -- solution_center
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | 2020-03-27 | not yet calculated | CVE-2015-8536
MISC
canonical -- ubuntu
 
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | 2020-03-26 | not yet calculated | CVE-2019-15795
UBUNTU
UBUNTU
canonical -- ubuntu
 
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | 2020-03-26 | not yet calculated | CVE-2019-15796
UBUNTU
UBUNTU
canonical -- ubuntu
 
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. | 2020-03-25 | not yet calculated | CVE-2019-18626
MISC
tribal_group -- sits:vision
 
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does. | 2020-03-25 | not yet calculated | CVE-2019-19127
MISC
FULLDISC
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20576
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20577
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20579
CONFIRM
samsung -- multiple_mobile_devices
An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20580
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20588
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20589
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20590
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20591
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20592
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20593
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can disable Gallery permanently. The Samsung ID is SVE-2019-14031 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20604
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A heap overflow occurs for baseband in the Shannon modem. The Samsung ID is SVE-2019-14071 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20605
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20606
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20607
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20608
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20609
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20610
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20611
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). | 2020-03-24 | not yet calculated | CVE-2019-20613
CONFIRM
gnu -- gnu
 
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | 2020-03-25 | not yet calculated | CVE-2019-20633
MISC
3s-smart_software_solutions -- codesys_gatewayservice
 
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. | 2020-03-26 | not yet calculated | CVE-2019-5105
MISC
fireeye -- winring0x64.sys
 
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7240
MISC
fireeye -- kernel.sys
 
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7244
MISC
fireeye -- gpu-z.sys
 
An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7245
MISC
fireeye -- gdrv.sys
 
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7630
MISC
tenable -- codesys_v3
 
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | 2020-03-26 | not yet calculated | CVE-2020-10245
CONFIRM
MISC
sunnet -- sunnet_ehrd
 
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | 2020-03-27 | not yet calculated | CVE-2020-10508
MISC
sunnet -- sunnet_ehrd
Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch an XSS attack. | 2020-03-27 | not yet calculated | CVE-2020-10509
MISC
sunnet -- sunnet_ehrd
 
Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data. | 2020-03-27 | not yet calculated | CVE-2020-10510
MISC
advantech -- webaccess
 
In Advantech WebAccess versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | 2020-03-27 | not yet calculated | CVE-2020-10607
MISC
asus -- asus_device_activation
 
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | 2020-03-25 | not yet calculated | CVE-2020-10649
MISC
MISC
MISC
MISC
hashicorp -- hashicorp_vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | 2020-03-23 | not yet calculated | CVE-2020-10660
CONFIRM
MISC
ansible -- ansible_engine
 
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data, which would lead to privilege escalation or code injection. | 2020-03-24 | not yet calculated | CVE-2020-10684
CONFIRM
openitcockpit -- openitcockpit
 
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. | 2020-03-25 | not yet calculated | CVE-2020-10788
MISC
CONFIRM
wordpress -- wordpress
 
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | 2020-03-27 | not yet calculated | CVE-2020-10817
MISC
MISC
draytek -- multiple_devices
 
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). | 2020-03-26 | not yet calculated | CVE-2020-10823
MISC
draytek -- multiple_devices
 
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). | 2020-03-26 | not yet calculated | CVE-2020-10824
MISC
draytek -- multiple_devices
 
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). | 2020-03-26 | not yet calculated | CVE-2020-10825
MISC
draytek -- multiple_devices
 
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | 2020-03-26 | not yet calculated | CVE-2020-10826
MISC
draytek -- multiple_devices
 
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | 2020-03-26 | not yet calculated | CVE-2020-10827
MISC
draytek -- multiple_devices
 
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | 2020-03-26 | not yet calculated | CVE-2020-10828
MISC
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). | 2020-03-24 | not yet calculated | CVE-2020-10847
CONFIRM
openwrt -- luci
 
** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further. | 2020-03-23 | not yet calculated | CVE-2020-10871
MISC
MISC
MISC
tp-link -- archer_a7_firmware
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. | 2020-03-25 | not yet calculated | CVE-2020-10881
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. | 2020-03-25 | not yet calculated | CVE-2020-10882
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. | 2020-03-25 | not yet calculated | CVE-2020-10883
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of a hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | 2020-03-25 | not yet calculated | CVE-2020-10884
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS responses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. | 2020-03-25 | not yet calculated | CVE-2020-10885
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. | 2020-03-25 | not yet calculated | CVE-2020-10886
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. | 2020-03-25 | not yet calculated | CVE-2020-10887
MISC
tp-link -- archer_a7_firmware
 
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. | 2020-03-25 | not yet calculated | CVE-2020-10888
MISC
phoenix -- contact_pc_worx_srt
 
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | 2020-03-27 | not yet calculated | CVE-2020-10939
CONFIRM
phoenix -- contact_portico_server
 
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | 2020-03-27 | not yet calculated | CVE-2020-10940
CONFIRM
gitlab -- gitlab_enterprise_and_community_edition
 
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | 2020-03-27 | not yet calculated | CVE-2020-10952
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | 2020-03-27 | not yet calculated | CVE-2020-10953
CONFIRM
MISC
gitlab -- gitlab
 
GitLab through 12.9 is affected by a potential DoS in repository archive download. | 2020-03-27 | not yet calculated | CVE-2020-10954
CONFIRM
MISC
gitlab -- gitLab_enterprise_and_community_edition
 
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 2020-03-27 | not yet calculated | CVE-2020-10955
CONFIRM
MISC
gitlab -- gitlab
 
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | 2020-03-27 | not yet calculated | CVE-2020-10956
CONFIRM
MISC
teradici -- pcoip_mangement_console
 
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2. | 2020-03-25 | not yet calculated | CVE-2020-10965
MISC
MISC
vesta_and_hestia_control_panel -- vesta_and_hestia_control_panel
 
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | 2020-03-25 | not yet calculated | CVE-2020-10966
MISC
CONFIRM
MISC
fasterxml -- jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | 2020-03-26 | not yet calculated | CVE-2020-10968
MISC
MISC
fasterxml -- jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | 2020-03-26 | not yet calculated | CVE-2020-10969
MISC
MISC
accenture -- mercury
 
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | 2020-03-27 | not yet calculated | CVE-2020-10990
MISC
MISC
mulesoft -- apikit
 
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. | 2020-03-27 | not yet calculated | CVE-2020-10991
MISC
azkaban -- azkaban
 
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | 2020-03-27 | not yet calculated | CVE-2020-10992
MISC
osmand -- osmand
 
Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java. | 2020-03-27 | not yet calculated | CVE-2020-10993
MISC
the_fedora_project -- pyyaml_library
 
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | 2020-03-24 | not yet calculated | CVE-2020-1747
CONFIRM
MISC
FEDORA
FEDORA
FEDORA
kiali -- kiali
 
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | 2020-03-26 | not yet calculated | CVE-2020-1764
CONFIRM
MISC
otrs -- open_ticket_request_system
 
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1769
MISC
otrs -- open_ticket_request_system

 

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1770
MISC
otrs -- open_ticket_request_system

 

An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1771
MISC
otrs -- open_ticket_request_system

 

It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1772
MISC
otrs -- open_ticket_request_system

 

It's possible for an authenticated user to guess other session IDs based on their own. It's also possible to guess a password reset token or an automatically generated password. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1773
MISC
huawei -- multiple_smartphone_devices
 
HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor; the attacker tricks the user into installing a crafted application, and a successful exploit could allow the attacker to do certain unauthenticated operations. | 2020-03-26 | not yet calculated | CVE-2020-1800
MISC
apache -- shiro
 
In Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 2020-03-25 | not yet calculated | CVE-2020-1957
MISC
MLIST
jenkins -- jenkins
 
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | 2020-03-25 | not yet calculated | CVE-2020-2160
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | 2020-03-25 | not yet calculated | CVE-2020-2161
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2166
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2167
MLIST
CONFIRM
N/A -- N/A
 
Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2168
MLIST
CONFIRM
N/A -- N/A
 
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-03-25 | not yet calculated | CVE-2020-2171
MLIST
CONFIRM
N/A -- N/A
 
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory. | 2020-03-25 | not yet calculated | CVE-2020-3761
CONFIRM
N/A -- N/A
 
Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | 2020-03-25 | not yet calculated | CVE-2020-3766
CONFIRM
N/A -- N/A
 
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. | 2020-03-25 | not yet calculated | CVE-2020-3794
CONFIRM
N/A -- N/A
 
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. | 2020-03-27 | not yet calculated | CVE-2020-3920
MISC
N/A -- N/A
 
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | 2020-03-27 | not yet calculated | CVE-2020-3921
MISC
N/A -- N/A
 
UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters; attackers can inject arbitrary SQL commands. | 2020-03-27 | not yet calculated | CVE-2020-3936
MISC
N/A -- N/A
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. | 2020-03-26 | not yet calculated | CVE-2020-4276
XF
CONFIRM
N/A -- N/A
 
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause an HTTP server crash, which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. | 2020-03-26 | not yet calculated | CVE-2020-5129
CONFIRM
N/A -- N/A
 
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment. Run Safety from a Continuous Integration pipeline. Use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them. Use PyUp's Online Requirements Checker. | 2020-03-23 | not yet calculated | CVE-2020-5252
CONFIRM
CONFIRM
CONFIRM
N/A -- N/A
 
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contains ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. | 2020-03-25 | not yet calculated | CVE-2020-5280
MISC
MISC
MISC
CONFIRM
N/A -- N/A
 
In Perun before version 3.9.1, a VO or group manager can modify the configuration of the LDAP extSource to retrieve all from Perun LDAP. The issue is fixed in version 3.9.1 by sanitisation of the input. | 2020-03-25 | not yet calculated | CVE-2020-5281
MISC
MISC
CONFIRM
N/A -- N/A
 
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta. | 2020-03-25 | not yet calculated | CVE-2020-5282
MISC
CONFIRM
N/A -- N/A
 
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. | 2020-03-26 | not yet calculated | CVE-2020-5339
MISC
N/A -- N/A
 
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. | 2020-03-26 | not yet calculated | CVE-2020-5340
MISC
N/A -- N/A
 
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. | 2020-03-27 | not yet calculated | CVE-2020-5857
MISC
N/A -- N/A
 
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. | 2020-03-27 | not yet calculated | CVE-2020-5858
MISC
N/A -- N/A
 
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. | 2020-03-27 | not yet calculated | CVE-2020-5859
MISC
N/A -- N/A
 
On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). | 2020-03-27 | not yet calculated | CVE-2020-5860
MISC
N/A -- N/A
 
On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. | 2020-03-27 | not yet calculated | CVE-2020-5861
MISC
N/A -- N/A
 
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS. | 2020-03-27 | not yet calculated | CVE-2020-5862
MISC
N/A -- N/A
 
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. | 2020-03-27 | not yet calculated | CVE-2020-5863
MISC
N/A -- N/A
 
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 2020-03-27 | not yet calculated | CVE-2020-6095
MISC
N/A -- N/A
 
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6809
MISC
MISC
N/A -- N/A
 
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6810
MISC
MISC
N/A -- N/A
 
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6811
MISC
MISC
MISC
MISC
N/A -- N/A
 
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6812
MISC
MISC
MISC
MISC
N/A -- N/A
 
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6813
MISC
MISC
N/A -- N/A
 
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6814
MISC
MISC
MISC
MISC
N/A -- N/A
 
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6815
MISC
MISC
N/A -- N/A
 
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. | 2020-03-26 | not yet calculated | CVE-2020-6999
MISC
N/A -- N/A
 
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | 2020-03-26 | not yet calculated | CVE-2020-7260
CONFIRM
N/A -- N/A
 
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | 2020-03-27 | not yet calculated | CVE-2020-7918
MISC
MISC
N/A -- N/A
 
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | 2020-03-26 | not yet calculated | CVE-2020-7944
MISC
N/A -- N/A
 
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | 2020-03-27 | not yet calculated | CVE-2020-8551
MISC
MISC
N/A -- N/A
 
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | 2020-03-27 | not yet calculated | CVE-2020-8552
MISC
MISC
N/A -- N/A
 
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315. | 2020-03-26 | not yet calculated | CVE-2020-8910
CONFIRM
CONFIRM
N/A -- N/A
 
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0 allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom HTML/JavaScript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. | 2020-03-26 | not yet calculated | CVE-2020-8923
CONFIRM
N/A -- N/A
 
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. | 2020-03-26 | not yet calculated | CVE-2020-9065
MISC
N/A -- N/A
 
Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The application doesn't perform proper authentication when the user performs certain operations. An attacker can trick the user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | 2020-03-26 | not yet calculated | CVE-2020-9066
MISC
N/A -- N/A
 
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | 2020-03-25 | not yet calculated | CVE-2020-9375
MISC
MISC
CONFIRM
N/A -- N/A
 
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 2020-03-26 | not yet calculated | CVE-2020-9468
MISC
MISC
N/A -- N/A
 
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | 2020-03-26 | not yet calculated | CVE-2020-9521
MISC
