Vulnerability Summary for the Week of May 11, 2020
Released
May 18, 2020
Document ID
SB20-139
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| actionpack_page-caching_gem -- actionpack_page-caching_gem | There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | 2020-05-12 | 7.5 | CVE-2020-8159 MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | 2020-05-08 | 7.5 | CVE-2020-10638 MISC MISC MISC MISC MISC MISC MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. | 2020-05-08 | 7.5 | CVE-2020-12022 MISC MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | 2020-05-08 | 7.5 | CVE-2020-12006 MISC MISC MISC MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | 2020-05-08 | 7.5 | CVE-2020-12002 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| apache -- log4net | Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users. | 2020-05-11 | 7.5 | CVE-2018-1285 MISC |
| domainmod -- domainmod | reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | 2020-05-08 | 7.5 | CVE-2020-12735 MISC |
| freebsd -- freebsd | In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | 2020-05-13 | 7.5 | CVE-2020-7454 MISC CONFIRM |
| freebsd -- freebsd | In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. | 2020-05-13 | 7.5 | CVE-2019-15880 MISC CONFIRM |
| freerdp -- freerdp | libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | 2020-05-15 | 7.5 | CVE-2020-11524 MISC CONFIRM CONFIRM |
| freerdp -- freerdp | libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. | 2020-05-15 | 7.5 | CVE-2020-11523 MISC CONFIRM CONFIRM |
| gazie -- gazie | An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. | 2020-05-11 | 7.5 | CVE-2020-12743 CONFIRM |
| glpi_project -- glpi | In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6. | 2020-05-12 | 9 | CVE-2020-11060 MISC CONFIRM |
| gnuteca -- gnuteca | Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | 2020-05-09 | 7.5 | CVE-2020-12766 CONFIRM |
| google -- android | Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851 | 2020-05-14 | 7.5 | CVE-2020-0221 MISC |
| google -- android | In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188 | 2020-05-14 | 10 | CVE-2020-0103 MISC |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266 | 2020-05-14 | 9.3 | CVE-2020-4285 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. | 2020-05-14 | 9.3 | CVE-2020-4422 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269. | 2020-05-14 | 9.3 | CVE-2020-4287 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270. | 2020-05-14 | 9.3 | CVE-2020-4288 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. | 2020-05-14 | 9.3 | CVE-2020-4343 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721. | 2020-05-14 | 9.3 | CVE-2020-4467 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723. | 2020-05-14 | 9.3 | CVE-2020-4468 XF CONFIRM |
| iproute2 -- iproute2 | iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. | 2020-05-09 | 7.5 | CVE-2019-20795 MISC CONFIRM |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader. The LG ID is LVE-SMP-200006 (May 2020). | 2020-05-11 | 7.5 | CVE-2020-12753 CONFIRM |
| libemf -- libemf | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. | 2020-05-11 | 7.5 | CVE-2020-11865 MISC MISC MISC |
| libemf -- libemf | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. | 2020-05-11 | 7.5 | CVE-2020-11866 MISC MISC MISC |
| libexif -- libexif | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | 2020-05-09 | 7.5 | CVE-2020-12767 CONFIRM MLIST |
| openconnect_project -- openconnect_vpn_client | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | 2020-05-12 | 7.5 | CVE-2020-12823 MISC MISC MLIST |
| palo_alto_networks -- pan-os | An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall to register the device. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6. | 2020-05-13 | 9.3 | CVE-2020-2018 CONFIRM |
| palo_alto_networks -- pan-os | An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama. | 2020-05-13 | 7.5 | CVE-2020-2001 CONFIRM |
| palo_alto_networks -- pan-os | An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2010 CONFIRM |
| palo_alto_networks -- pan-os | An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2009 CONFIRM |
| palo_alto_networks -- pan-os | An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0. | 2020-05-13 | 7.8 | CVE-2020-2011 CONFIRM |
| palo_alto_networks -- pan-os | An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2014 CONFIRM |
| palo_alto_networks -- pan-os | A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. | 2020-05-13 | 9 | CVE-2020-2006 CONFIRM |
| palo_alto_networks -- pan-os | An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2007 CONFIRM |
| palo_alto_networks -- pan-os | An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. | 2020-05-13 | 9 | CVE-2020-2008 CONFIRM |
| palo_alto_networks -- pan-os | A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. | 2020-05-13 | 8.5 | CVE-2020-2016 CONFIRM |
| palo_alto_networks -- pan-os | An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. | 2020-05-13 | 8.5 | CVE-2020-2003 CONFIRM |
| palo_alto_networks -- pan-os | A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. | 2020-05-13 | 9 | CVE-2020-2015 CONFIRM |
| pi-hole -- pi-hole | The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | 2020-05-11 | 9 | CVE-2020-11108 MISC MISC MISC MISC |
| ping_identity -- pingid_ssh | Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. | 2020-05-13 | 7.5 | CVE-2020-10654 CONFIRM MISC MISC MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020). | 2020-05-11 | 10 | CVE-2020-12746 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020). | 2020-05-11 | 7.5 | CVE-2020-12747 CONFIRM |
| sap -- business_objects_business_intelligence_platform | SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.x, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | 2020-05-12 | 7.5 | CVE-2020-6242 MISC MISC |
| trendnet -- proview_wireless_camera_tv-ip512wn | TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header. | 2020-05-13 | 7.5 | CVE-2020-12763 MISC |
| vbulletin -- vbulletin | vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 2020-05-08 | 7.5 | CVE-2020-12720 MISC MISC |
| veritas -- aptare | Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. | 2020-05-14 | 7.5 | CVE-2020-12874 MISC |
| wordpress -- wordpress | A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | 2020-05-08 | 7.5 | CVE-2020-11530 MISC MISC FULLDISC MISC MISC |
| wordpress -- wordpress | The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform. | 2020-05-13 | 7.5 | CVE-2020-12832 MISC MISC |
| zephyrproject -- zephyr | A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | 2020-05-11 | 7.5 | CVE-2020-10022 MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 7.2 | CVE-2020-10024 MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 7.2 | CVE-2020-10027 MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 7.2 | CVE-2020-10067 MISC MISC MISC MISC MISC |
| zoho -- manageengine_datasecurity_plus | Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. | 2020-05-08 | 10 | CVE-2020-11532 MISC MISC |
| zulip -- zulip_desktop | Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | 2020-05-09 | 7.5 | CVE-2020-12637 CONFIRM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. | 2020-05-08 | 5 | CVE-2020-12018 MISC MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | 2020-05-08 | 5 | CVE-2020-12014 MISC MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | 2020-05-08 | 5.8 | CVE-2020-12010 MISC |
| advantech -- webaccess/scada | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | 2020-05-08 | 6.5 | CVE-2020-12026 MISC MISC |
| apache -- activemq | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | 2020-05-14 | 4.3 | CVE-2020-1941 MISC |
| apache -- rocketmq | In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later. | 2020-05-14 | 5 | CVE-2019-17572 MISC MISC |
| apple -- swiftnio_extras | In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. | 2020-05-11 | 5 | CVE-2020-9840 MISC |
| appneta -- tcpreplay | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | 2020-05-08 | 6.4 | CVE-2020-12740 MISC |
| autoswitch_python_virtualenv -- autoswitch_python_virtualenv | In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0 | 2020-05-13 | 4.6 | CVE-2020-11073 MISC MISC MISC CONFIRM |
| cpanel -- cpanel | cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | 2020-05-11 | 5 | CVE-2020-12784 CONFIRM MISC |
| cpanel -- cpanel | cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | 2020-05-11 | 5.5 | CVE-2020-12785 CONFIRM MISC |
| debian -- libemf | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). | 2020-05-11 | 5 | CVE-2020-11863 MISC MISC MISC |
| debian -- libemf | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). | 2020-05-11 | 5 | CVE-2020-11864 MISC MISC MISC |
| enlightenment -- imlib2 | modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | 2020-05-09 | 6.4 | CVE-2020-12761 CONFIRM |
| exim -- exim | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | 2020-05-11 | 5 | CVE-2020-12783 CONFIRM CONFIRM CONFIRM DEBIAN |
| f5 -- big-ip | In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. | 2020-05-12 | 6.8 | CVE-2020-5897 MISC |
| f5 -- big-ip_edge_client | On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | 2020-05-12 | 4.6 | CVE-2020-5896 MISC |
| f5 -- big-ip_edge_client_windows_stonewall | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. | 2020-05-12 | 4.9 | CVE-2020-5898 MISC |
| freebsd -- freebsd | In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. | 2020-05-13 | 4.6 | CVE-2019-15878 MISC CONFIRM |
| freebsd -- freebsd | In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory. | 2020-05-13 | 5.8 | CVE-2019-15879 MISC CONFIRM |
| freebsd -- freebsd | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). | 2020-05-13 | 5 | CVE-2020-7455 MISC CONFIRM |
| freerdp -- freerdp | libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. | 2020-05-15 | 6.4 | CVE-2020-11526 MISC CONFIRM CONFIRM |
| freerdp -- freerdp | libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. | 2020-05-15 | 6.4 | CVE-2020-11522 MISC CONFIRM CONFIRM |
| glpi_project -- glpi | GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database are using that; espcially from plugins. Changing the key without updating data would lend in bad password sent from glpi; but storing them again from the UI will work. | 2020-05-12 | 5 | CVE-2020-5248 MISC CONFIRM |
| gnome -- libcroco | libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | 2020-05-12 | 6.8 | CVE-2020-12825 MISC |
| gnuteca -- gnuteca | Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | 2020-05-09 | 5 | CVE-2020-12764 CONFIRM |
| google -- android | In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677 | 2020-05-14 | 4.6 | CVE-2020-0102 MISC |
| google -- android | In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561 | 2020-05-14 | 4.6 | CVE-2020-0220 MISC |
| google -- android | In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144285084 | 2020-05-14 | 4.6 | CVE-2020-0105 MISC |
| google -- android | In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148059175 | 2020-05-14 | 4.6 | CVE-2020-0109 MISC |
| google -- android | In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel | 2020-05-14 | 4.6 | CVE-2020-0110 MISC |
| google -- android | In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917 | 2020-05-14 | 4.6 | CVE-2020-0098 MISC |
| ibm -- api_connect | IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | 2020-05-12 | 5 | CVE-2020-4346 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637. | 2020-05-14 | 6.9 | CVE-2020-4258 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635. | 2020-05-14 | 6.9 | CVE-2020-4257 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647. | 2020-05-14 | 6.9 | CVE-2020-4264 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. | 2020-05-14 | 6.9 | CVE-2020-4262 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648. | 2020-05-14 | 6.9 | CVE-2020-4265 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646. | 2020-05-14 | 6.9 | CVE-2020-4263 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. | 2020-05-14 | 6.9 | CVE-2020-4261 XF CONFIRM |
| ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649. | 2020-05-14 | 6.9 | CVE-2020-4266 XF CONFIRM |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | 2020-05-12 | 4 | CVE-2019-4478 XF CONFIRM |
| ibm -- sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. | 2020-05-13 | 4 | CVE-2020-4312 XF CONFIRM |
| ibm -- sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. | 2020-05-14 | 4 | CVE-2020-4299 XF CONFIRM |
| ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. | 2020-05-14 | 4 | CVE-2020-4259 XF CONFIRM |
| ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. | 2020-05-11 | 4.3 | CVE-2019-4667 XF CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. | 2020-05-14 | 4 | CVE-2020-4365 XF CONFIRM |
| ispyconnect -- agent_dvr | iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. | 2020-05-15 | 5 | CVE-2020-13093 MISC |
| jooby -- jooby | All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. | 2020-05-11 | 5 | CVE-2020-7647 MISC MISC MISC |
| json-c -- json-c | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. | 2020-05-09 | 6.8 | CVE-2020-12762 CONFIRM MISC FEDORA |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). | 2020-05-11 | 6.8 | CVE-2020-12754 CONFIRM |
| libreswan_project -- libreswan | An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. | 2020-05-12 | 5 | CVE-2020-1763 MISC CONFIRM CONFIRM CONFIRM DEBIAN |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | 2020-05-09 | 4.9 | CVE-2020-12769 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | 2020-05-09 | 4.9 | CVE-2020-12771 CONFIRM |
| linux -- linux_kernel | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. | 2020-05-12 | 6.9 | CVE-2020-12826 CONFIRM MISC MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | 2020-05-09 | 4.6 | CVE-2020-12770 CONFIRM FEDORA CONFIRM |
| linux -- linux_kernel | There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. | 2020-05-08 | 4.4 | CVE-2020-10690 CONFIRM |
| linux -- linux_kernel | The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. | 2020-05-08 | 6.9 | CVE-2019-14898 MISC CONFIRM MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. | 2020-05-09 | 4.9 | CVE-2019-20794 CONFIRM CONFIRM |
| maxum_development_corporation -- rumpus | An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | 2020-05-08 | 4 | CVE-2020-12737 MISC MISC |
| mcafee -- active_response_for_linux | Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7290 CONFIRM |
| mcafee -- active_response_for_mac | Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7291 CONFIRM |
| mcafee -- active_response_for_windows | Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7289 CONFIRM |
| mcafee -- exploit_detection_and_response | Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7288 CONFIRM |
| mcafee -- exploit_detection_and_response | Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7286 CONFIRM |
| mcafee -- exploit_detection_and_response | Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7287 CONFIRM |
| mcafee -- mvision_endpoint | Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | 4.6 | CVE-2020-7285 CONFIRM |
netapp -- service_processor_and_baseboard_management_controller | Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). | 2020-05-11 | 5 | CVE-2019-5500 MISC |
| nextcloud -- nextcloud_groupfolders | Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | 2020-05-12 | 5.5 | CVE-2020-8153 MISC MISC |
| nextcloud -- nextcloud_mail | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | 2020-05-12 | 6.8 | CVE-2020-8156 MISC |
| nextcloud -- nextcloud_server | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 2020-05-12 | 6.8 | CVE-2020-8154 SUSE SUSE MISC MISC |
| opennms -- horizon_and_meridian | An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. | 2020-05-11 | 6.5 | CVE-2020-12760 MISC MISC MISC MISC MISC |
| opto_22 -- softpac_project | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. | 2020-05-14 | 6.4 | CVE-2020-10612 MISC |
| opto_22 -- softpac_project | Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. | 2020-05-14 | 4 | CVE-2020-12042 MISC |
| opto_22 -- softpac_project | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. | 2020-05-14 | 6.8 | CVE-2020-10616 MISC |
| oracle -- iplanet_web_server | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | 2020-05-10 | 4.9 | CVE-2020-9314 FULLDISC MISC MISC MISC |
| oracle -- iplanet_web_server | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | 2020-05-10 | 5 | CVE-2020-9315 FULLDISC MISC MISC MISC |
| palo_alto_networks -- pan-os | The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8. | 2020-05-13 | 5.5 | CVE-2020-1993 CONFIRM |
| palo_alto_networks -- pan-os | A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0. | 2020-05-13 | 4.3 | CVE-2020-2005 CONFIRM |
| palo_alto_networks -- pan-os | A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2. | 2020-05-13 | 6.8 | CVE-2020-1995 CONFIRM |
| palo_alto_networks -- pan-os_for_panorama | Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7. | 2020-05-13 | 5 | CVE-2020-2012 CONFIRM |
palo_alto_networks -- pan-os
| A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. | 2020-05-13 | 4.3 | CVE-2020-2017 CONFIRM |
| pixel_&_tonic -- craft_cms | In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. | 2020-05-11 | 5 | CVE-2020-12790 MISC MISC MISC MISC |
| plex -- media_server | Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 2020-05-08 | 6.5 | CVE-2020-5741 MISC |
| python_packaging_authority -- python_package_installer | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). | 2020-05-08 | 6.8 | CVE-2018-20225 MISC MISC |
| red_hat -- ansible_engine | A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. | 2020-05-12 | 5 | CVE-2020-1746 CONFIRM CONFIRM |
| red_hat -- jboss_keycloak | A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application. | 2020-05-12 | 6.5 | CVE-2020-1718 CONFIRM |
| red_hat -- jboss_keycloak | A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section. | 2020-05-11 | 4 | CVE-2020-1724 CONFIRM |
| red_hat -- jboss_keycloak | A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user. | 2020-05-08 | 6.5 | CVE-2019-10170 CONFIRM |
| red_hat -- jboss_keycloak | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. | 2020-05-13 | 6.5 | CVE-2020-1714 CONFIRM CONFIRM |
| red_hat -- jboss_keycloak | A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application. | 2020-05-08 | 6.5 | CVE-2019-10169 CONFIRM |
| red_hat -- openshift_container_platform | A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. | 2020-05-12 | 4.6 | CVE-2020-10706 CONFIRM |
| ruby_on_rails -- active_resource | There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | 2020-05-12 | 5 | CVE-2020-8151 MISC |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020). | 2020-05-11 | 5 | CVE-2020-12748 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020). | 2020-05-11 | 5 | CVE-2020-12750 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020). | 2020-05-11 | 6.8 | CVE-2020-12751 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). | 2020-05-11 | 5 | CVE-2020-12752 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020). | 2020-05-11 | 4.6 | CVE-2020-12749 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020). | 2020-05-11 | 5 | CVE-2020-12745 CONFIRM |
sap -- adaptive_server_enterprise | SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. | 2020-05-12 | 6.5 | CVE-2020-6248 MISC MISC |
sap -- adaptive_server_enterprise | Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | 2020-05-12 | 6.5 | CVE-2020-6253 MISC MISC |
sap -- adaptive_server_enterprise | Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. | 2020-05-12 | 6.5 | CVE-2020-6243 MISC MISC |
| sap -- adaptive_server_enterprise | SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. | 2020-05-12 | 6.7 | CVE-2020-6250 MISC MISC |
| sap -- adaptive_server_enterprise | Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | 2020-05-12 | 4 | CVE-2020-6259 MISC MISC |
| sap -- adaptive_server_enterprise | Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. | 2020-05-12 | 5.2 | CVE-2020-6252 MISC MISC |
| sap -- adaptive_server_enterprise | SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | 2020-05-12 | 6.5 | CVE-2020-6241 MISC MISC |
| sap -- application_server_abap | Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection. | 2020-05-12 | 6.5 | CVE-2020-6262 MISC MISC |
| sap -- business_objects_intelligence_platform | SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. | 2020-05-12 | 4.6 | CVE-2020-6245 MISC MISC |
| sap -- business_objects_intelligence_platform | SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability. | 2020-05-12 | 5 | CVE-2020-6247 MISC MISC |
| sap -- business_objects_intelligence_platform | Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. | 2020-05-12 | 5 | CVE-2020-6251 MISC MISC |
| sap -- enterprise_threat_detection | SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | 2020-05-12 | 4.3 | CVE-2020-6254 MISC MISC |
| sap -- identity_management | SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | 2020-05-12 | 4 | CVE-2020-6258 MISC MISC |
| sap -- master_data_governance | The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | 2020-05-12 | 6.5 | CVE-2020-6249 MISC MISC |
| sap -- master_data_governance | SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | 2020-05-12 | 4 | CVE-2020-6256 MISC MISC |
| sap -- netweaver_as_abap | SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service | 2020-05-12 | 5 | CVE-2020-6240 MISC MISC |
| six_apart -- multiple_movable_type_products | Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. | 2020-05-14 | 6.5 | CVE-2020-5577 MISC MISC |
| six_apart -- multiple_movable_type_products | Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2020-05-14 | 4.3 | CVE-2020-5575 MISC MISC |
| six_apart -- multiple_movable_type_products | HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors. | 2020-05-14 | 5 | CVE-2020-5574 MISC MISC |
| six_apart -- multiple_movable_type_products | Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2020-05-14 | 6.8 | CVE-2020-5576 MISC MISC |
| solis_miolo -- solis_miolo | Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | 2020-05-09 | 5 | CVE-2020-12765 CONFIRM |
| suse -- opensuse | A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. | 2020-05-13 | 4.3 | CVE-2020-8020 CONFIRM |
| symantec -- endpoint_protection | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 2020-05-11 | 4.6 | CVE-2020-5837 MISC |
| symantec -- endpoint_protection | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | 2020-05-11 | 4.4 | CVE-2020-5836 MISC |
| symantec -- endpoint_protection_manager | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | 2020-05-11 | 5 | CVE-2020-5834 MISC |
| symantec -- endpoint_protection_manager | Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | 2020-05-11 | 4.4 | CVE-2020-5835 MISC |
| tobesoft -- xplatform | A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. | 2020-05-11 | 6.8 | CVE-2019-19162 MISC |
| transmission -- transmission | Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. | 2020-05-15 | 6.8 | CVE-2018-10756 MISC MISC |
| tyler_technologies -- eagle | TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. | 2020-05-13 | 6.5 | CVE-2019-16112 MISC |
typo3 -- typo3 | The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. | 2020-05-13 | 4 | CVE-2020-12700 MISC CONFIRM |
| typo3 -- typo3 | In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. | 2020-05-13 | 4.3 | CVE-2020-11063 CONFIRM |
| typo3 -- typo3 | In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/. | 2020-05-14 | 6.8 | CVE-2020-11069 CONFIRM |
| typo3 -- typo3 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. | 2020-05-14 | 6.4 | CVE-2020-11066 CONFIRM |
| typo3 -- typo3 | The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. | 2020-05-13 | 5 | CVE-2020-12697 MISC CONFIRM |
| typo3 -- typo3 | In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | 2020-05-14 | 6 | CVE-2020-11067 CONFIRM |
| typo3 -- typo3 | The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. | 2020-05-13 | 4 | CVE-2020-12698 MISC CONFIRM |
| typo3 -- typo3 | The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. | 2020-05-13 | 5.8 | CVE-2020-12699 MISC CONFIRM |
| veritas -- aptare | Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. | 2020-05-14 | 6.5 | CVE-2020-12875 MISC |
| veritas -- aptare | Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | 2020-05-14 | 5 | CVE-2020-12876 MISC |
| veritas -- aptare | Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | 2020-05-14 | 5 | CVE-2020-12877 MISC |
| vmware -- pivotal_concourse | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) | 2020-05-14 | 5.8 | CVE-2020-5409 CONFIRM |
| vmware -- spring_security | Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. | 2020-05-13 | 6.5 | CVE-2020-5407 MLIST CONFIRM |
| western_digital -- mycloud_home | The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | 2020-05-13 | 6.8 | CVE-2020-12427 MISC CONFIRM |
| wso2 -- multiple_products | XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. | 2020-05-08 | 6.5 | CVE-2020-12719 MISC |
| zephyrproject -- zephyr | Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | 2020-05-11 | 4.6 | CVE-2020-10058 MISC MISC MISC MISC |
| zephyrproject -- zephyr | Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 4.6 | CVE-2020-10021 MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | 2020-05-11 | 5.8 | CVE-2020-10059 MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 4.6 | CVE-2020-10023 MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Recommend disabling updatehub until such a time as a fix can be made available. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | 2020-05-11 | 5.5 | CVE-2020-10060 MISC MISC |
| zephyrproject -- zephyr | Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 4.6 | CVE-2020-10028 MISC MISC MISC MISC MISC |
| zoho -- manageengine_datasecurity_plus | The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. | 2020-05-08 | 6.5 | CVE-2020-11531 MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| covidsafe -- covidsafe_for_ios | The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected. | 2020-05-14 | 3.3 | CVE-2020-12717 MISC |
| freerdp -- freerdp | In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. | 2020-05-12 | 3.5 | CVE-2020-11058 MISC MISC CONFIRM |
| glpi_project -- glpi | In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6. | 2020-05-12 | 3.5 | CVE-2020-11062 MISC CONFIRM |
google -- android | In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870 | 2020-05-14 | 2.1 | CVE-2020-0104 MISC |
| google -- android | In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207 | 2020-05-14 | 2.1 | CVE-2020-0106 MISC |
| google -- android | In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096 | 2020-05-14 | 2.1 | CVE-2020-0101 MISC |
| ibm -- api_connect | IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. | 2020-05-12 | 3.5 | CVE-2020-4195 XF CONFIRM |
| kde -- kde | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. | 2020-05-09 | 2.1 | CVE-2020-12755 CONFIRM |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. | 2020-05-09 | 2.1 | CVE-2020-12768 CONFIRM CONFIRM |
| nextcloud -- nextcloud_server | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 2020-05-12 | 3.5 | CVE-2020-8155 SUSE SUSE MISC |
| opto_22 -- softpac_project | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. | 2020-05-14 | 3.5 | CVE-2020-12046 MISC |
| palo_alto_networks -- globalprotect_app | Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials. | 2020-05-13 | 1.7 | CVE-2020-2004 CONFIRM |
| php-fusion -- php-fusion | In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. | 2020-05-08 | 3.5 | CVE-2020-12718 MISC |
| red_hat -- jboss_keycloak | A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality. | 2020-05-11 | 2.1 | CVE-2020-1698 CONFIRM |
| samsung -- multiple_mobile_devices | Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | 2020-05-08 | 3.3 | CVE-2020-6616 MISC MISC MISC CONFIRM MISC MISC |
sap -- business_objects_business_intelligence_platform | SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 2020-05-12 | 3.5 | CVE-2020-6257 MISC MISC |
| shopizer -- shopizer | In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. | 2020-05-08 | 3.5 | CVE-2020-11006 MISC CONFIRM |
| symantec -- endpoint_protection_manager | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 2020-05-11 | 2.1 | CVE-2020-5833 MISC |
| symantec -- it_analytics | Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | 2020-05-13 | 3.5 | CVE-2020-5838 MISC |
| techsmith -- snagit | In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. | 2020-05-08 | 2.1 | CVE-2020-11541 CONFIRM |
| typo3 -- typo3 | The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3. | 2020-05-13 | 3.5 | CVE-2020-11070 CONFIRM |
| typo3 -- typo3 | In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. | 2020-05-13 | 3.5 | CVE-2020-11065 CONFIRM |
| typo3 -- typo3 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | 2020-05-13 | 3.5 | CVE-2020-11064 CONFIRM |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3s-smart_software_solutions -- codesys_development_system | An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. | 2020-05-14 | not yet calculated | CVE-2020-12068 MISC MISC |
| apache -- ant | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | 2020-05-14 | not yet calculated | CVE-2020-1945 MISC |
| apache -- camel | Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | 2020-05-14 | not yet calculated | CVE-2020-11972 MLIST MLIST MISC |
| apache -- camel | Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | 2020-05-14 | not yet calculated | CVE-2020-11973 MLIST MISC |
| apache -- camel | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 is affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | 2020-05-14 | not yet calculated | CVE-2020-11971 MLIST MISC |
| apache -- cloudstack | A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond. | 2020-05-14 | not yet calculated | CVE-2019-17562 MISC |
| apache -- flink | A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. | 2020-05-14 | not yet calculated | CVE-2020-1960 MISC |
| apache -- nuttx | The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected. | 2020-05-12 | not yet calculated | CVE-2020-1939 MISC |
| apt -- apt | Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | 2020-05-15 | not yet calculated | CVE-2020-3810 MISC MISC MISC MISC MISC |
| bitdefender -- bitdefender_engines | Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. | 2020-05-15 | not yet calculated | CVE-2020-8100 MISC |
| canonical -- subiguity | It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | 2020-05-13 | not yet calculated | CVE-2020-11932 MISC |
| cellebrite -- ufed | Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | 2020-05-15 | not yet calculated | CVE-2020-12798 MISC MISC MISC MISC MISC |
| clamav -- clam_antivirus | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | 2020-05-13 | not yet calculated | CVE-2020-3327 CISCO |
| clamav -- clam_antivirus | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | 2020-05-13 | not yet calculated | CVE-2020-3341 CISCO |
| d-link -- dap-1360_devices | An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. | 2020-05-15 | not yet calculated | CVE-2019-18666 MISC MISC MISC |
| eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). | 2020-05-15 | not yet calculated | CVE-2020-12834 MISC |
| estsoft -- alsong | ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file. | 2020-05-15 | not yet calculated | CVE-2020-7809 MISC MISC |
| f5 -- nginx | NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass. | 2020-05-14 | not yet calculated | CVE-2020-12440 MISC MISC |
| fazecast -- jserialcomm | In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. | 2020-05-14 | not yet calculated | CVE-2020-10626 MISC |
| freerdp -- freerdp | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. | 2020-05-15 | not yet calculated | CVE-2020-11525 MISC CONFIRM CONFIRM CONFIRM |
| freerdp -- freerdp | libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | 2020-05-15 | not yet calculated | CVE-2020-11521 MISC CONFIRM CONFIRM |
| google -- android | In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | 2020-05-14 | not yet calculated | CVE-2020-0091 MISC |
| google -- android | An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448 | 2020-05-14 | not yet calculated | CVE-2020-0065 MISC |
| google -- android | In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871 | 2020-05-14 | not yet calculated | CVE-2020-0094 MISC |
| google -- android | An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 | 2020-05-14 | not yet calculated | CVE-2020-0064 MISC |
| google -- android | An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 | 2020-05-14 | not yet calculated | CVE-2020-0090 MISC |
| google -- android | In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265 | 2020-05-14 | not yet calculated | CVE-2020-0024 MISC |
| google -- android | In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 | 2020-05-14 | not yet calculated | CVE-2020-0097 MISC |
| google -- android | In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 | 2020-05-14 | not yet calculated | CVE-2020-0093 MLIST MISC |
| google -- android | In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 | 2020-05-14 | not yet calculated | CVE-2020-0100 MISC |
| google -- android | In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 | 2020-05-14 | not yet calculated | CVE-2020-0096 MISC |
| google -- android | In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 | 2020-05-14 | not yet calculated | CVE-2020-0092 MISC |
| huawei -- multiple_devices | Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 with Versions earlier than 10.0.0.179(C636E3R4P3),Versions earlier than 10.0.0.180(C185E3R3P3),Versions earlier than 10.0.0.180(C432E10R3P4),Versions earlier than 10.0.0.188(C00E62R2P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.176(C00E60R2P11) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. | 2020-05-15 | not yet calculated | CVE-2020-1808 MISC |
| huawei -- p20_smartphones | Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function. | 2020-05-15 | not yet calculated | CVE-2020-9073 MISC |
| ignite_realtime -- spark | An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) | 2020-05-12 | not yet calculated | CVE-2020-12772 MISC |
| intelliants -- subrion_cms | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. | 2020-05-15 | not yet calculated | CVE-2019-20390 MISC |
| intelliants -- subrion_cms | An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. | 2020-05-15 | not yet calculated | CVE-2019-20389 MISC |
| interchange -- interchange | XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | 2020-05-15 | not yet calculated | CVE-2020-12685 MISC CONFIRM |
| jal_information_technology -- pallet_control | Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7 to 9.1 are not affected by this vulnerability, however under the environment where PLS Management Add-on Module is used, all versions are affected. | 2020-05-11 | not yet calculated | CVE-2020-5538 MISC MISC |
| jetstream -- jetselect | The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | 2020-05-14 | not yet calculated | CVE-2019-13021 MISC |
| jetstream -- jetselect | Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers). | 2020-05-14 | not yet calculated | CVE-2019-13022 MISC |
| jetstream -- jetselect | An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | 2020-05-14 | not yet calculated | CVE-2019-13023 MISC |
| kerberos -- kerberos | The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. | 2020-05-16 | not yet calculated | CVE-2020-13110 MISC MISC MISC MISC |
| linux -- linux_kernel | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 2020-05-15 | not yet calculated | CVE-2020-12888 MISC MISC |
| logkitty -- logkitty | Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | 2020-05-15 | not yet calculated | CVE-2020-8149 MISC |
| mikrotik -- mikrotik-router-monitoring-system | An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. | 2020-05-16 | not yet calculated | CVE-2020-13118 MISC |
| misp -- misp-maltego | MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. | 2020-05-15 | not yet calculated | CVE-2020-12889 MISC |
| mongodb -- mongodb | In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. | 2020-05-13 | not yet calculated | CVE-2019-2388 MISC |
| morita -- shogi | Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. | 2020-05-16 | not yet calculated | CVE-2020-13109 MISC MISC |
| naviserver -- naviserver | NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. | 2020-05-16 | not yet calculated | CVE-2020-13111 MISC MISC |
| opto_22 -- softpac_project | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. | 2020-05-14 | not yet calculated | CVE-2020-10620 MISC |
| palo_alto_networks -- global_protect_agent | An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | 2020-05-13 | not yet calculated | CVE-2020-1997 CONFIRM |
| palo_alto_networks -- pan-os | A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | not yet calculated | CVE-2020-1994 CONFIRM |
| palo_alto_networks -- pan-os | A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. | 2020-05-13 | not yet calculated | CVE-2020-1996 CONFIRM |
| palo_alto_networks -- pan-os | An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. | 2020-05-13 | not yet calculated | CVE-2020-1998 CONFIRM |
| palo_alto_networks -- pan-os | An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0. | 2020-05-13 | not yet calculated | CVE-2020-2002 CONFIRM |
| palo_alto_networks -- pan-os | A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0; | 2020-05-13 | not yet calculated | CVE-2020-2013 CONFIRM |
| pandas -- pandas | pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. | 2020-05-15 | not yet calculated | CVE-2020-13091 MISC |
| progress -- moveit_automation_web_admin | An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. | 2020-05-14 | not yet calculated | CVE-2020-12677 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| pulseaudio -- pulseaudio | An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; | 2020-05-15 | not yet calculated | CVE-2020-11931 MISC |
| red_hat -- ansible_engine | An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. | 2020-05-15 | not yet calculated | CVE-2020-10744 CONFIRM |
| red_hat -- ansible_engine | A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. | 2020-05-11 | not yet calculated | CVE-2020-10685 CONFIRM CONFIRM |
| red_hat -- jboss_keycloak | A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. | 2020-05-15 | not yet calculated | CVE-2020-1758 CONFIRM MISC |
| sap -- business_client | SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | 2020-05-12 | not yet calculated | CVE-2020-6244 MISC MISC |
| scikit-learn -- scikit-learn | scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. | 2020-05-15 | not yet calculated | CVE-2020-13092 MISC |
| securecrt -- securecrt | SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | 2020-05-15 | not yet calculated | CVE-2020-12651 MISC MISC CONFIRM MISC |
| slpjs -- slpjs | In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additonally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071. | 2020-05-12 | not yet calculated | CVE-2020-11072 MISC CONFIRM |
| slpjs -- slpjs | SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. | 2020-05-12 | not yet calculated | CVE-2020-11071 MISC CONFIRM |
| submitty -- submitty | Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | 2020-05-15 | not yet calculated | CVE-2020-12882 MISC |
| submitty -- sumbitty | Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | 2020-05-16 | not yet calculated | CVE-2020-13121 MISC |
| videolan -- vlc_media_player | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | 2020-05-15 | not yet calculated | CVE-2019-19721 MISC MISC MISC MISC |
| vmware -- spring_security | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. | 2020-05-14 | not yet calculated | CVE-2020-5408 CONFIRM |
| wordpress -- wordpress | The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. | 2020-05-13 | not yet calculated | CVE-2020-12742 MISC MISC |
| xwiki -- platform | In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0. | 2020-05-12 | not yet calculated | CVE-2020-11057 CONFIRM MISC MISC |
| yaws -- yaws | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. | 2020-05-15 | not yet calculated | CVE-2020-12872 MISC MISC MISC MISC |
| zephyrproject -- zephyr | USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | 2020-05-11 | not yet calculated | CVE-2020-10019 MISC MISC MISC MISC MISC |
| zhejiang_dahua_technology -- multiple_devices | Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method. | 2020-05-13 | not yet calculated | CVE-2019-9682 MISC |
| zhejiang_dahua_technology -- multiple_products | Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. | 2020-05-13 | not yet calculated | CVE-2020-9502 MISC |
| zhejiang_dahua_technology -- web_p2p | Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected. | 2020-05-13 | not yet calculated | CVE-2020-9501 MISC |
| zoho -- manageengine_servicedesk_plus | Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page. | 2020-05-14 | not yet calculated | CVE-2019-15083 MISC MISC MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.