Vulnerability Summary for the Week of August 10, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- http_server | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 2020-08-07 | 7.5 | CVE-2020-11984 MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST GENTOO CONFIRM |
digitus -- da-70254_firmware | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 2020-08-07 | 8.3 | CVE-2020-15063 MISC |
firejail_project -- firejail | Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | 2020-08-11 | 7.5 | CVE-2020-17368 SUSE MISC DEBIAN DEBIAN |
flatcore -- flatcore | flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | 2020-08-09 | 9 | CVE-2020-17452 MISC MISC |
google -- android | There is a possible out of bounds read due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-152647751 | 2020-08-11 | 7.8 | CVE-2020-0254 MISC |
google -- android | In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-157941353; References: N/A | 2020-08-11 | 7.2 | CVE-2020-0259 MISC |
google -- android | In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-156741968 | 2020-08-11 | 7.2 | CVE-2020-0257 MISC |
google -- android | In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-8.0; Android ID: A-152874864 | 2020-08-11 | 7.2 | CVE-2020-0256 MISC |
google -- android | In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-8.0 Android-8.1; Android ID: A-151644303 | 2020-08-11 | 7.2 | CVE-2020-0243 MISC |
google -- android | In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-151643722 | 2020-08-11 | 7.2 | CVE-2020-0242 MISC |
google -- android | In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-151456667 | 2020-08-11 | 7.2 | CVE-2020-0241 MISC |
google -- android | In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-8.1 Android-9; Android ID: A-140108616 | 2020-08-11 | 7.2 | CVE-2020-0108 MISC |
google -- android | There is a possible memory corruption due to a use after free. Product: Android; Versions: Android SoC; Android ID: A-152647365 | 2020-08-11 | 10 | CVE-2020-0253 MISC |
google -- android | There is a possible memory corruption due to a use after free. Product: Android; Versions: Android SoC; Android ID: A-152236803 | 2020-08-11 | 10 | CVE-2020-0252 MISC |
google -- android | There is a possible out of bounds read due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-152647626 | 2020-08-11 | 7.8 | CVE-2020-0251 MISC |
google -- android | In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-150706594 | 2020-08-11 | 9.3 | CVE-2020-0240 MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. The vulnerability only occurs if an undocumented customization has been applied by an administrator. IBM X-Force ID: 184585. | 2020-08-13 | 10 | CVE-2020-4589 XF CONFIRM |
json_pattern_validator_project -- json_pattern_validator | jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. | 2020-08-10 | 7.5 | CVE-2020-17479 MISC MISC MISC MISC |
lindy-international -- 42633_firmware | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 2020-08-07 | 8.3 | CVE-2020-15059 MISC |
microfocus -- secure_messaging_gateway | DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. | 2020-08-07 | 9 | CVE-2020-11852 MISC |
mozilla -- firefox | JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | 2020-08-10 | 9.3 | CVE-2020-15656 SUSE MISC MISC MISC MISC |
opensuse -- tumbleweed | An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. | 2020-08-07 | 7.2 | CVE-2020-8026 CONFIRM |
passmark -- burnintest | An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | 2020-08-07 | 7.2 | CVE-2020-15479 MISC MISC MISC MISC |
passmark -- burnintest | An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | 2020-08-07 | 7.2 | CVE-2020-15480 MISC MISC MISC MISC |
robotemi -- robox_os | Authentication Bypass Using an Alternate Path or Channel in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value. | 2020-08-07 | 7.5 | CVE-2020-16169 MISC MISC |
robotemi -- temi | Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to gain raised privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control. | 2020-08-11 | 7.5 | CVE-2020-16170 MISC MISC |
sap -- netweaver | SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. | 2020-08-12 | 7.8 | CVE-2020-6309 MISC MISC |
sap -- netweaver_knowledge_management | SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. | 2020-08-12 | 8.5 | CVE-2020-6284 MISC MISC |
securenvoy -- securmail | SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. | 2020-08-07 | 9.3 | CVE-2020-13376 MISC MISC |
thedaylightstudio -- fuel_cms | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | 2020-08-13 | 7.5 | CVE-2020-17463 MISC MISC MISC CONFIRM |
tp-link -- tl-ps310u_firmware | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 2020-08-07 | 8.3 | CVE-2020-15055 MISC |
turcom -- trcwifizone | Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses. | 2020-08-11 | 7.5 | CVE-2020-17466 MISC MISC |
zohocorp -- manageengine_adselfservice_plus | An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as SYSTEM. | 2020-08-11 | 10 | CVE-2020-11552 MISC MISC FULLDISC CONFIRM MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accuity -- firco_continuity | A stored Cross-site scripting (XSS) vulnerability in Firco Continuity 6.2.0.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML through the username field of the login page. | 2020-08-12 | 4.3 | CVE-2020-16186 MISC |
apache -- http_server | Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. | 2020-08-07 | 4.3 | CVE-2020-11993 MISC MLIST MLIST MLIST GENTOO CONFIRM |
apache -- http_server | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | 2020-08-07 | 5 | CVE-2020-9490 MISC MLIST MLIST MLIST GENTOO CONFIRM |
apache -- http_server | IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. | 2020-08-07 | 4.3 | CVE-2020-11985 MISC GENTOO |
apache -- wicket | By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5. | 2020-08-11 | 5 | CVE-2020-11976 MISC |
artifex -- ghostscript | A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16288 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-17538 MISC MISC |
artifex -- ghostscript | A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 6.8 | CVE-2020-16303 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 6.8 | CVE-2020-16302 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16309 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16308 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16294 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16300 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16287 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | 2020-08-13 | 6.8 | CVE-2020-16304 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16289 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16297 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16301 MISC MISC |
artifex -- ghostscript | A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16293 MISC MISC |
artifex -- ghostscript | A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16299 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16298 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16305 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16296 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16291 MISC MISC |
artifex -- ghostscript | A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16295 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16290 MISC MISC |
artifex -- ghostscript | A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | 4.3 | CVE-2020-16292 MISC MISC |
avaya -- ip_office | A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | 2020-08-07 | 5 | CVE-2019-7005 CONFIRM |
carson-saint -- saint_security_suite | A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | 2020-08-10 | 4.3 | CVE-2020-16275 CONFIRM |
carson-saint -- saint_security_suite | A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | 2020-08-10 | 4.3 | CVE-2020-16278 CONFIRM |
carson-saint -- saint_security_suite | An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | 2020-08-10 | 6.5 | CVE-2020-16276 CONFIRM |
carson-saint -- saint_security_suite | An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | 2020-08-10 | 6.5 | CVE-2020-16277 CONFIRM |
combodo -- itop | A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information. | 2020-08-10 | 5 | CVE-2020-12777 MISC |
combodo -- itop | A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | 2020-08-10 | 5 | CVE-2020-12780 MISC |
combodo -- itop | Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can execute specific commands via malicious site request forgery. | 2020-08-10 | 6.8 | CVE-2020-12781 MISC |
combodo -- itop | Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. | 2020-08-10 | 4.3 | CVE-2020-12778 MISC |
cs2-network -- p2p | CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | 2020-08-10 | 4.3 | CVE-2020-9526 MISC MISC |
cs2-network -- p2p | CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | 2020-08-10 | 6.8 | CVE-2020-9525 MISC MISC |
deltaww -- tpeditor | Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16223 MISC MISC |
deltaww -- tpeditor | Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16227 MISC MISC |
deltaww -- tpeditor | Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16219 MISC MISC MISC |
deltaww -- tpeditor | Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16225 MISC MISC |
deltaww -- tpeditor | Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16221 MISC MISC |
digitus -- da-70254_firmware | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. | 2020-08-07 | 6.1 | CVE-2020-15065 MISC |
django-celery-results_project -- django-celery-results | django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. | 2020-08-11 | 5 | CVE-2020-17495 MISC |
f2fs-tools_project -- f2fs-tools | An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2020-08-10 | 6.8 | CVE-2020-6070 MISC |
firejail_project -- firejail | Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | 2020-08-11 | 4.6 | CVE-2020-17367 SUSE MISC MISC DEBIAN |
frappe -- erpnext | An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-08-10 | 6.5 | CVE-2020-6145 MISC |
getsymphony -- symphony_cms | content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. | 2020-08-11 | 4.3 | CVE-2020-15071 MISC |
gitlab -- gitlab | In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | 2020-08-10 | 5.5 | CVE-2020-13293 CONFIRM MISC MISC |
gitlab -- gitlab | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | 2020-08-10 | 5.5 | CVE-2020-13292 CONFIRM MISC MISC |
gitlab -- gitlab | For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. | 2020-08-13 | 4 | CVE-2020-13286 CONFIRM MISC MISC |
gitlab -- gitlab | For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature. | 2020-08-13 | 4 | CVE-2020-13281 CONFIRM MISC MISC |
gitlab -- gitlab | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 2020-08-10 | 5.5 | CVE-2020-13294 CONFIRM MISC MISC |
gitlab -- runner | For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. | 2020-08-10 | 6.5 | CVE-2020-13295 CONFIRM MISC MISC |
google -- android | In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439 | 2020-08-11 | 4.9 | CVE-2020-0248 MISC |
google -- android | In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634 | 2020-08-11 | 6.9 | CVE-2020-0238 MISC |
google -- android | In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (e.g. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-151095863 | 2020-08-11 | 4.9 | CVE-2020-0239 MISC |
google -- android | In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-8.0, Android-8.1. Android ID: A-156087409 | 2020-08-11 | 4.9 | CVE-2020-0247 MISC |
google -- android | In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-8.0, Android-8.1, Android-9. Android ID: A-154719656 | 2020-08-11 | 4.9 | CVE-2020-0249 MISC |
google -- android | In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154934934 | 2020-08-11 | 4.9 | CVE-2020-0250 MISC |
google -- android | In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-157598956 | 2020-08-11 | 4.9 | CVE-2020-0258 MISC MISC |
google -- android | There is a possible out of bounds read due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-152225183 | 2020-08-11 | 6.4 | CVE-2020-0260 MISC |
google -- asylo | A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length. We recommend updating Asylo to version 0.6.0 or later. | 2020-08-12 | 4 | CVE-2020-8905 CONFIRM |
google -- asylo | An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later. | 2020-08-12 | 5.5 | CVE-2020-8904 CONFIRM |
handysoft -- hslogin2.dll | hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ActiveX method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to visit a crafted web page, causing damage such as malicious code infection. | 2020-08-07 | 6.8 | CVE-2020-7810 MISC MISC |
huawei -- fusioncompute | FusionCompute 8.0.0 has a local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | 2020-08-10 | 4.6 | CVE-2020-9078 MISC |
huawei -- fusionsphere_openstack | FusionSphere OpenStack 8.0.0 has a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. | 2020-08-11 | 5.8 | CVE-2020-9079 MISC |
huawei -- mate_20_firmware | HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8); HUAWEI Mate 20 Pro versions earlier than 10.1.0.270(C431E7R1P5), versions earlier than 10.1.0.270(C635E3R1P5), and versions earlier than 10.1.0.273(C636E7R2P4); HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8); HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8); HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8); HonorMagic2 versions earlier than 10.0.0.187(C00E61R2P11); Honor20 versions earlier than 10.0.0.175(C00E58R4P11); Honor20 PRO versions earlier than 10.0.0.194(C00E62R8P12); HonorMagic2 versions earlier than 10.0.0.187(C00E61R2P11); HonorV20 versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted files. The attacker must gain the key used to encrypt a file; a successful exploit could cause certain files to be forged. | 2020-08-11 | 4.6 | CVE-2020-9244 MISC |
huawei -- mate_30_firmware | HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) has a denial of service vulnerability. The system does not properly limit the depth of recursion. An attacker must trick the user into installing and executing a malicious application. A successful exploit could cause a denial of service condition. | 2020-08-10 | 4.3 | CVE-2020-9243 MISC |
huawei -- p30_firmware | HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user into installing and executing a malicious application; a successful exploit could cause a denial of service condition of the PHONE function. | 2020-08-10 | 4.3 | CVE-2020-9245 MISC |
ibm -- event_streams | IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. | 2020-08-14 | 6.5 | CVE-2020-4662 XF CONFIRM |
ibm -- jazz_reporting_service | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717. | 2020-08-10 | 4.3 | CVE-2020-4533 XF CONFIRM |
ibm -- jazz_reporting_service | IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2020-08-10 | 4.3 | CVE-2020-4539 XF CONFIRM |
ibm -- jazz_reporting_service | IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039. | 2020-08-10 | 4.3 | CVE-2020-4541 XF CONFIRM |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. | 2020-08-13 | 4 | CVE-2019-4582 XF CONFIRM |
ibm -- qradar_security_information_and_event_manager | IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860. | 2020-08-11 | 4 | CVE-2020-4485 XF CONFIRM |
ibm -- qradar_security_information_and_event_manager | IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. | 2020-08-11 | 5.5 | CVE-2020-4486 XF CONFIRM |
jenkins -- email_extension | Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | 2020-08-12 | 5 | CVE-2020-2232 MLIST CONFIRM |
jenkins -- flaky_test_handler | A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | 2020-08-12 | 4.3 | CVE-2020-2237 MLIST CONFIRM |
jenkins -- pipeline_maven_integration | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 2020-08-12 | 4 | CVE-2020-2233 MLIST CONFIRM |
jenkins -- pipeline_maven_integration | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 2020-08-12 | 4 | CVE-2020-2234 MLIST CONFIRM |
jenkins -- pipeline_maven_integration | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 2020-08-12 | 4.3 | CVE-2020-2235 MLIST CONFIRM |
jerryscript -- jerryscript | ** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option. | 2020-08-13 | 6.8 | CVE-2020-24345 MISC |
jetbrains -- kotlin | In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.70 is not affected by the issue; the fixed version is 1.4.0), there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. | 2020-08-08 | 6.5 | CVE-2020-15824 MISC MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | 2020-08-08 | 4 | CVE-2020-15826 MISC MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | 2020-08-08 | 4 | CVE-2020-15828 MISC MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | 2020-08-08 | 5 | CVE-2020-15829 MISC MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. | 2020-08-08 | 6.5 | CVE-2020-15825 MISC MISC |
jetbrains -- teamcity | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | 2020-08-08 | 4.3 | CVE-2020-15831 MISC MISC |
jetbrains -- teamcity | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | 2020-08-08 | 4.3 | CVE-2020-15830 MISC MISC |
jetbrains -- toolbox | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | 2020-08-08 | 5 | CVE-2020-15827 MISC MISC |
jetbrains -- upsource | In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. | 2020-08-08 | 5 | CVE-2019-19704 MISC MISC |
jetbrains -- youtrack | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | 2020-08-08 | 4 | CVE-2020-15821 MISC MISC |
jetbrains -- youtrack | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | 2020-08-08 | 6.5 | CVE-2020-15817 MISC MISC |
jetbrains -- youtrack | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | 2020-08-08 | 5 | CVE-2020-15823 MISC MISC |
jetbrains -- youtrack | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | 2020-08-08 | 5 | CVE-2020-15820 MISC MISC |
jetbrains -- youtrack | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | 2020-08-08 | 5 | CVE-2020-15819 MISC MISC |
jetbrains -- youtrack | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | 2020-08-08 | 5 | CVE-2020-15818 MISC MISC |
lindy-international -- 42633_firmware | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to cause a denial of service on the device via long input values. | 2020-08-07 | 6.1 | CVE-2020-15061 MISC |
mahara -- mahara | In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. | 2020-08-07 | 4.3 | CVE-2020-15907 MISC MISC |
mibew -- messenger | Mibew Messenger before 3.2.7 allows XSS via a crafted user name. | 2020-08-10 | 4.3 | CVE-2020-17476 MISC MISC |
mozilla -- firefox | A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28. | 2020-08-10 | 4.3 | CVE-2020-15651 MISC MISC |
mozilla -- firefox | A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. | 2020-08-10 | 4.3 | CVE-2020-15661 MISC MISC |
mozilla -- firefox | The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | 2020-08-10 | 4.3 | CVE-2020-15658 SUSE MISC MISC MISC MISC |
mozilla -- firefox | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | 2020-08-10 | 4.3 | CVE-2020-15655 SUSE MISC MISC MISC MISC |
mozilla -- firefox | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | 2020-08-10 | 4.3 | CVE-2020-15654 SUSE MISC MISC MISC MISC |
mozilla -- firefox | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. | 2020-08-10 | 4.3 | CVE-2020-15652 SUSE SUSE SUSE MISC MISC MISC MISC MISC MISC |
mozilla -- firefox | A rogue webpage could override the injected WKUserScript used by the download feature; this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28. | 2020-08-10 | 4.3 | CVE-2020-15662 MISC MISC |
mozilla -- firefox | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | 2020-08-10 | 4.3 | CVE-2020-15653 SUSE MISC MISC MISC MISC |
mozilla -- firefox | Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | 2020-08-10 | 6.9 | CVE-2020-15657 SUSE MISC MISC MISC MISC |
mozilla -- firefox | Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | 2020-08-10 | 4.3 | CVE-2020-15648 MISC MISC MISC |
mozilla -- firefox | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. | 2020-08-10 | 5 | CVE-2020-15647 MISC MISC |
mozilla -- firefox_esr | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.11. | 2020-08-10 | 4.3 | CVE-2020-15650 MISC MISC |
mozilla -- firefox_esr | Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.11. | 2020-08-10 | 4.3 | CVE-2020-15649 MISC MISC |
mybb -- mybb | MyBB before 1.8.24 allows XSS because the visual editor mishandles [align], [size], [quote], and [font] in MyCode. | 2020-08-09 | 4.3 | CVE-2020-17447 MISC MISC |
mybb -- mybb | In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file. | 2020-08-10 | 4.3 | CVE-2020-15139 MISC CONFIRM MISC |
nextcloud -- nextcloud | A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory. | 2020-08-10 | 4.6 | CVE-2020-8224 MISC MISC |
nextcloud -- nextcloud | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | 2020-08-10 | 4.9 | CVE-2020-8229 MISC MISC |
nginx -- njs | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | 2020-08-13 | 6.8 | CVE-2020-24346 MISC |
p5-crypt-perl_project -- p5-crypt-perl | ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. | 2020-08-10 | 5 | CVE-2020-17478 MISC |
php-fusion -- php-fusion | PHP-Fusion 9.03 allows XSS on the preview page. | 2020-08-12 | 4.3 | CVE-2020-17450 MISC |
prometheus -- blackbox_exporter | ** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. | 2020-08-09 | 5 | CVE-2020-16248 MISC MISC MISC MISC MISC |
qemu -- qemu | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. | 2020-08-11 | 5 | CVE-2020-16092 MISC MISC |
redhat -- cloudforms | Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, leading to the export or import of administrator files. | 2020-08-11 | 6.5 | CVE-2020-10783 MISC MISC |
redhat -- cloudforms | In Red Hat CloudForms 4.7 and 5, the read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior. | 2020-08-11 | 6.5 | CVE-2020-10778 MISC MISC |
redhat -- cloudforms | Red Hat CloudForms 4.7 and 5 is affected by insecure direct object references (IDOR) and a functional-level access control bypass due to a missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within CloudForms. | 2020-08-11 | 4 | CVE-2020-10779 MISC MISC |
redhat -- cloudforms | Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw, which allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. | 2020-08-11 | 6.4 | CVE-2020-14325 MISC MISC |
redhat -- cloudforms_management_engine | Red Hat CloudForms 4.7 and 5 is affected by a CSV Injection flaw: a crafted payload stays dormant until a victim exports data as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is not strictly a flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities. | 2020-08-11 | 6.8 | CVE-2020-10780 MISC MISC |
redhat -- cloudforms_management_engine | A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server. | 2020-08-11 | 6.5 | CVE-2020-14324 MISC MISC |
redhat -- cloudforms_management_engine | Red Hat CloudForms 4.7 and 5 was vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. | 2020-08-11 | 5.5 | CVE-2020-14296 MISC MISC |
redhat -- quay | An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace. | 2020-08-11 | 5 | CVE-2020-14313 MISC |
robotemi -- launcher_os | Missing Authentication for Critical Function in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video. | 2020-08-07 | 6.4 | CVE-2020-16167 MISC MISC |
robotemi -- temi_firmware | Origin Validation Error in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to access the custom API server and MQTT broker used by the temi and send it custom data/requests. | 2020-08-07 | 4.3 | CVE-2020-16168 MISC MISC |
roundcube -- webmail | Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. | 2020-08-12 | 4.3 | CVE-2020-16145 CONFIRM MISC |
sabnzbd -- sabnzbd | SABnzbd 2.3.9 and 3.0.0Alpha2 have a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. | 2020-08-11 | 6.5 | CVE-2020-13124 MISC CONFIRM MISC |
sap -- abap_platform | SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | 2020-08-12 | 4 | CVE-2020-6299 MISC MISC |
sap -- abap_platform | Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | 2020-08-12 | 4 | CVE-2020-6310 MISC MISC |
sap -- abap_platform | SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | 2020-08-12 | 6.5 | CVE-2020-6296 MISC MISC |
sap -- adaptive_server_enterprise | Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | 2020-08-12 | 4.6 | CVE-2020-6295 MISC MISC |
sap -- businessobjects_business_intelligence_platform | Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | 2020-08-12 | 6.4 | CVE-2020-6294 MISC MISC |
sap -- generic_market_data | SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | 2020-08-12 | 5.5 | CVE-2020-6298 MISC MISC |
sap -- hcm_travel_management | SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. | 2020-08-12 | 5.5 | CVE-2020-6301 MISC MISC |
sap -- netweaver_knowledge_management | SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload. | 2020-08-12 | 6.4 | CVE-2020-6293 MISC MISC |
sap -- s\/4_hana_fiori_ui_for_general_ledger_accounting | SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. | 2020-08-12 | 4 | CVE-2020-6273 MISC MISC |
sophos -- xg_firewall_firmware | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 2020-08-07 | 6.5 | CVE-2020-17352 MISC MISC |
suse -- linux_enterprise_high_performance_computing | An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. | 2020-08-07 | 4.6 | CVE-2020-8025 CONFIRM |
telegram -- telegram_desktop | Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | 2020-08-11 | 6.8 | CVE-2020-17448 MISC MISC MISC |
teradici -- cloud_access_connector | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application. | 2020-08-11 | 4.3 | CVE-2020-13176 MISC |
teradici -- cloud_access_connector | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | 2020-08-11 | 5 | CVE-2020-13175 MISC |
teradici -- graphics_agent | The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path. | 2020-08-11 | 4.4 | CVE-2020-13177 MISC |
teradici -- graphics_agent | A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process. | 2020-08-11 | 4.6 | CVE-2020-13178 MISC |
teradici -- managament_console | The web server in the Teradici Management Console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. | 2020-08-11 | 4.3 | CVE-2020-13174 MISC |
themeinprogress -- nova_lite | search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. | 2020-08-12 | 4.3 | CVE-2020-17362 CONFIRM |
tibco -- silver_fabric | The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below. | 2020-08-11 | 5.8 | CVE-2019-17339 CONFIRM |
tiny -- tinymce | A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. | 2020-08-14 | 4.3 | CVE-2020-12648 MISC |
tiny -- tinymce | TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. | 2020-08-10 | 4.3 | CVE-2020-17480 MISC MISC |
tp-link -- tl-ps310u_firmware | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to cause a denial of service on the device via long input values. | 2020-08-07 | 6.1 | CVE-2020-15057 MISC |
vmware -- spring_cloud_netflix | Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. | 2020-08-07 | 4 | CVE-2020-5412 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
combodo -- itop | Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading a file containing a malicious script. | 2020-08-10 | 3.5 | CVE-2020-12779 MISC |
digitus -- da-70254_firmware | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2020-08-07 | 2.3 | CVE-2020-15064 MISC |
digitus -- da-70254_firmware | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 2020-08-07 | 3.3 | CVE-2020-15062 MISC |
flatcore -- flatcore | flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | 2020-08-09 | 3.5 | CVE-2020-17451 MISC MISC |
gitlab -- gitlab | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. | 2020-08-13 | 3.5 | CVE-2020-13283 CONFIRM MISC MISC |
gitlab -- gitlab | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issue reference number tooltip. | 2020-08-13 | 3.5 | CVE-2020-13285 CONFIRM MISC MISC |
gitlab -- gitlab | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | 2020-08-12 | 3.5 | CVE-2020-13288 CONFIRM MISC MISC |
jenkins -- jenkins | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | 2020-08-12 | 3.5 | CVE-2020-2229 MLIST CONFIRM |
jenkins -- jenkins | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | 2020-08-12 | 3.5 | CVE-2020-2230 MLIST CONFIRM |
jenkins -- jenkins | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | 2020-08-12 | 3.5 | CVE-2020-2231 MLIST CONFIRM |
jenkins -- yet_another_build_visualizer | Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | 2020-08-12 | 3.5 | CVE-2020-2236 MLIST CONFIRM |
lindy-international -- 42633_firmware | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 2020-08-07 | 3.3 | CVE-2020-15058 MISC |
lindy-international -- 42633_firmware | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2020-08-07 | 2.3 | CVE-2020-15060 MISC |
mcafee -- data_loss_prevention | Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | 2020-08-13 | 2.1 | CVE-2020-7307 MISC |
mcafee -- data_loss_prevention | Cross-site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows an authenticated remote user to trigger scripts to run in a user's browser via adding a new label. | 2020-08-13 | 2.3 | CVE-2020-7303 MISC |
pactware -- pactware | In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. | 2020-08-11 | 2.1 | CVE-2020-9403 CONFIRM |
php-fusion -- php-fusion | PHP-Fusion 9.03 allows XSS via the error_log file. | 2020-08-12 | 3.5 | CVE-2020-17449 MISC |
redhat -- cloudforms | A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. | 2020-08-11 | 3.5 | CVE-2020-10777 MISC MISC |
sap -- businessobjects_business_intelligence_platform | SAP Business Objects Business Intelligence Platform (Central Management Console), versions 4.2 and 4.3, allows an attacker with administrator rights to use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. | 2020-08-12 | 3.5 | CVE-2020-6300 MISC MISC |
sap -- data_intelligence | Under certain conditions, the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version 3.0, allows an attacker to access confidential system configuration information that should otherwise be restricted, leading to Information Disclosure. | 2020-08-12 | 2.1 | CVE-2020-6297 MISC MISC |
soplanning -- soplanning | SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. | 2020-08-11 | 3.5 | CVE-2020-15597 MISC MISC |
sugarcrm -- sugarcrm | SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | 2020-08-12 | 3.5 | CVE-2020-17373 MISC MISC MISC MISC MISC |
sugarcrm -- sugarcrm | SugarCRM before 10.1.0 (Q3 2020) allows XSS. | 2020-08-12 | 3.5 | CVE-2020-17372 MISC MISC MISC MISC MISC |
teradici -- graphics_agent | Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump by forcing a crash during the single sign-on procedure. | 2020-08-11 | 2.1 | CVE-2020-13179 MISC |
tp-link -- tl-ps310u_firmware | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 2020-08-07 | 3.3 | CVE-2020-15054 MISC |
tp-link -- tl-ps310u_firmware | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2020-08-07 | 2.3 | CVE-2020-15056 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abbyy -- finereader | ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. | 2020-08-13 | not yet calculated | CVE-2019-20383 CONFIRM MISC CONFIRM |
adobe -- git-server | The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository. | 2020-08-14 | not yet calculated | CVE-2020-9708 MISC |
alps_alpine -- touchpad_driver | The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. | 2020-08-12 | not yet calculated | CVE-2020-15596 MISC MISC |
amazon_web_services -- s3_crypto_sdk_for_golang | A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC). An attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file can therefore reconstruct the plaintext with (on average) 128*length(plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | 2020-08-11 | not yet calculated | CVE-2020-8911 CONFIRM CONFIRM |
amazon_web_services -- s3_crypto_sdk_for_golang | A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files. | 2020-08-11 | not yet calculated | CVE-2020-8912 CONFIRM CONFIRM |
artica -- web_proxy | Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. | 2020-08-12 | not yet calculated | CVE-2020-17505 MISC |
artica -- web_proxy | Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | 2020-08-12 | not yet calculated | CVE-2020-17506 MISC MISC |
artifex_software -- ghostscript | A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | 2020-08-13 | not yet calculated | CVE-2020-16310 MISC MISC |
artifex_software -- ghostscript | A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. | 2020-08-13 | not yet calculated | CVE-2020-16307 MISC MISC |
artifex_software -- ghostscript | A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. | 2020-08-13 | not yet calculated | CVE-2020-16306 MISC MISC |
artifex_software -- mujs | Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | 2020-08-13 | not yet calculated | CVE-2020-24343 MISC |
asyncpg -- asyncpg | asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. | 2020-08-12 | not yet calculated | CVE-2020-17446 CONFIRM |
avaya -- aura_communication_manager_and_aura_messaging | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. | 2020-08-11 | not yet calculated | CVE-2020-7029 CONFIRM |
blackberry -- qnx_software_development_platform | An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server. | 2020-08-12 | not yet calculated | CVE-2020-6932 MISC |
cisco -- unified_ip_conference_station_7937g | ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely by sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. | 2020-08-12 | not yet calculated | CVE-2020-16139 MISC MISC MISC |
cisco -- unified_ip_conference_station_7937g | ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. | 2020-08-12 | not yet calculated | CVE-2020-16138 MISC MISC MISC |
cisco -- unified_ip_conference_station_7937g | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. | 2020-08-12 | not yet calculated | CVE-2020-16137 MISC MISC MISC |
cms_made_simple -- cms_made_simple | CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | 2020-08-14 | not yet calculated | CVE-2020-17462 EXPLOIT-DB |
documalis -- free_pdf_editor_and_free_pdf_scanner | Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software. | 2020-08-12 | not yet calculated | CVE-2020-7374 MISC |
dovecot -- dovecot | In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | 2020-08-12 | not yet calculated | CVE-2020-12674 MISC MLIST DEBIAN CONFIRM |
dovecot -- dovecot | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | 2020-08-12 | not yet calculated | CVE-2020-12673 MISC MLIST DEBIAN CONFIRM |
dovecot -- dovecot | In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | 2020-08-12 | not yet calculated | CVE-2020-12100 MLIST MISC MLIST DEBIAN |
eaton -- secure_connect_mobile_app | Eaton's Secure connect mobile app v1.7.3 and prior stores the user's login credentials in the logcat file when the user creates or registers an account in the mobile app. A malicious app or unauthorized user can harvest this information and later use it to monitor and control the user's account and associated devices. | 2020-08-12 | not yet calculated | CVE-2020-6653 MISC |
evga -- precision_x1 | The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process. | 2020-08-11 | not yet calculated | CVE-2020-14979 MISC MISC |
fortinet -- fortios | A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | 2020-08-14 | not yet calculated | CVE-2019-5591 CONFIRM |
galileo_cms -- galileo_cms | There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). | 2020-08-14 | not yet calculated | CVE-2019-7410 CONFIRM MISC MISC MISC |
geutebrück -- g-cam_and_g-code | Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). | 2020-08-14 | not yet calculated | CVE-2020-16205 MISC |
gitlab -- gitlab | For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | 2020-08-13 | not yet calculated | CVE-2020-13280 CONFIRM MISC |
gitlab -- gitlab | For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | 2020-08-13 | not yet calculated | CVE-2020-13282 CONFIRM MISC MISC |
gitlab -- gitlab | In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. | 2020-08-12 | not yet calculated | CVE-2020-13290 CONFIRM MISC MISC |
gitlab -- gitlab | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 2020-08-12 | not yet calculated | CVE-2020-13291 CONFIRM MISC |
gnome -- gnome-shell | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | 2020-08-11 | not yet calculated | CVE-2020-17489 MISC |
google -- android | A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later. | 2020-08-12 | not yet calculated | CVE-2020-8913 CONFIRM |
google -- android | In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-146059841 | 2020-08-13 | not yet calculated | CVE-2020-0261 MISC |
google -- go-tpm | An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth', and then can calculate 'usageAuth ^ encMigrationAuth' as the 'migrationAuth' can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for 'migrationAuth'. | 2020-08-11 | not yet calculated | CVE-2020-8918 CONFIRM |
horndis -- horndis | All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-bit kernels; 64-bit kernels are more likely to crash on attempted exploitation. It is not believed that kernel memory corruption is possible, or that unattended kernel memory disclosure without the collaboration of a userspace program running on the host is possible. The vulnerability is in `HoRNDIS::receivePacket`. `msg_len`, `data_ofs`, and `data_len` can be controlled by an attached USB device, and a negative value of `data_ofs` can bypass the check for `(data_ofs + data_len + 8) > msg_len`, and subsequently can cause a wild pointer copy in the `mbuf_copyback` call. The software is not maintained and no patches are planned. Users of multi-tenant systems with HoRNDIS installed should only connect trusted USB devices to their system. | 2020-08-12 | not yet calculated | CVE-2020-15137 CONFIRM |
huawei -- fusioncomput | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to improper protection of certain information, attackers may exploit this vulnerability to obtain certain information. | 2020-08-14 | not yet calculated | CVE-2020-9229 MISC |
huawei -- fusioncomput | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to improper protection of certain information, attackers may exploit this vulnerability to obtain certain information. | 2020-08-14 | not yet calculated | CVE-2020-9228 MISC |
inet -- wireless_daemon | eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4. | 2020-08-12 | not yet calculated | CVE-2020-17497 MISC |
intel -- acceleration_stack | Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8684 MISC |
intel -- computing_improvement_program | Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8736 MISC |
intel -- distribution_of_openvino_toolkit | Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-12287 MISC |
intel -- graphics_drivers | Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8682 MISC |
intel -- graphics_drivers | Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8679 MISC |
intel -- graphics_drivers | Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-0512 MISC |
intel -- graphics_drivers | Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-0513 MISC |
intel -- graphics_drivers | Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8681 MISC |
intel -- graphics_drivers | Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8683 MISC |
intel -- graphics_drivers | Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8680 MISC |
intel -- graphics_drivers | Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-0510 MISC |
intel -- led_manager | Improper authentication in subsystem for Intel(R) LED Manager for NUC before version 1.2.3 may allow a privileged user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8685 MISC |
intel -- mailbox | Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8743 MISC |
intel -- multiple_products | Buffer copy without checking size of input for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8729 CONFIRM MISC |
intel -- multiple_products | Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8731 CONFIRM MISC |
intel -- multiple_products | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8713 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8706 CONFIRM MISC |
intel -- multiple_products | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8708 CONFIRM MISC |
intel -- multiple_products | Heap-based buffer overflow in the firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8732 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8720 CONFIRM MISC |
intel -- multiple_products | Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8709 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8707 CONFIRM MISC |
intel -- multiple_products | Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8730 CONFIRM MISC |
intel -- multiple_products | Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8717 CONFIRM MISC |
intel -- multiple_products | Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8723 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8722 CONFIRM MISC |
intel -- multiple_products | Improper input validation for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8721 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8719 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8718 CONFIRM MISC |
intel -- multiple_products | Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8711 CONFIRM MISC |
intel -- multiple_products | Improper access control for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8716 CONFIRM MISC |
intel -- multiple_products | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8714 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8712 CONFIRM MISC |
intel -- multiple_products | Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8710 CONFIRM MISC |
intel -- multiple_products | Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access. | 2020-08-13 | not yet calculated | CVE-2020-8715 CONFIRM MISC |
intel -- nuc | Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8742 MISC |
intel -- proset/wireless_wifi_products | Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-0559 MISC |
intel -- raid_web_console_3 | Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access. | 2020-08-13 | not yet calculated | CVE-2020-8688 MISC |
intel -- realsense_d400_series_uwp_driver | Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8763 MISC |
intel -- rste_software_raid_driver | Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8687 MISC |
intel -- server_board_families | Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-12301 CONFIRM MISC |
intel -- server_board_families | Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-12300 CONFIRM MISC |
intel -- server_board_families | Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-12299 CONFIRM MISC |
intel -- server_board_m10jnp2sb | Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8733 CONFIRM MISC |
intel -- ssd_sct | Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-8759 MISC |
intel -- thunderbolt_controllers | Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2020-08-13 | not yet calculated | CVE-2019-14630 MISC |
intel -- wireless_bluetooth_products | Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-0555 MISC |
intel -- wireless_bluetooth_products | Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access. | 2020-08-13 | not yet calculated | CVE-2020-0554 MISC |
intel -- wireless_bluetooth_products | Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. | 2020-08-13 | not yet calculated | CVE-2020-0553 MISC |
intel -- wireless_bluetooth_products | Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. | 2020-08-13 | not yet calculated | CVE-2019-14620 MISC |
intel -- wireless_for_open_source | Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2020-08-13 | not yet calculated | CVE-2020-8689 MISC |
ise -- smart_connect_knx_vaillant | ise smart connect KNX Vaillant 1.2.839 contains a Denial of Service. | 2020-08-14 | not yet calculated | CVE-2019-19643 MISC |
jerryscript -- jerryscript | JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | 2020-08-13 | not yet calculated | CVE-2020-24344 MISC |
loway -- queuemetrics | A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. | 2020-08-13 | not yet calculated | CVE-2020-15925 MISC |
loway -- queuemetrics | A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter. | 2020-08-13 | not yet calculated | CVE-2020-15947 MISC |
lua -- lua | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | 2020-08-13 | not yet calculated | CVE-2020-24342 MISC MISC |
mantisbt -- mantisbt | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it). | 2020-08-12 | not yet calculated | CVE-2020-16266 CONFIRM CONFIRM |
mcafee -- data_loss_prevention | Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | 2020-08-13 | not yet calculated | CVE-2020-7306 CONFIRM |
mcafee -- data_loss_prevention_epo_extension | Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CSRF script via adding a new label. | 2020-08-13 | not yet calculated | CVE-2020-7304 CONFIRM |
mcafee -- data_loss_prevention_epo_extension | Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | 2020-08-13 | not yet calculated | CVE-2020-7302 MISC |
mcafee -- data_loss_prevention_epo_extension | Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. | 2020-08-12 | not yet calculated | CVE-2020-7301 CONFIRM |
mcafee -- data_loss_prevention_epo_extension | Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. | 2020-08-12 | not yet calculated | CVE-2020-7300 CONFIRM |
mcafee -- data_loss_prevention_epo_extension | Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. | 2020-08-13 | not yet calculated | CVE-2020-7305 CONFIRM |
megvii -- koala | Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. | 2020-08-14 | not yet calculated | CVE-2020-17475 MISC |
microsoft -- composer-setup | In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\ProgramData\ComposerSetup\bin\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\ProgramData\ComposerSetup\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability. | 2020-08-14 | not yet calculated | CVE-2020-15145 MISC CONFIRM |
mozilla -- multiple_products | Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. | 2020-08-10 | not yet calculated | CVE-2020-15659 SUSE SUSE SUSE MISC MISC MISC MISC MISC MISC |
nginx -- njs | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. | 2020-08-13 | not yet calculated | CVE-2020-24349 MISC |
nginx -- njs | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | 2020-08-13 | not yet calculated | CVE-2020-24347 MISC |
nginx -- njs | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. | 2020-08-13 | not yet calculated | CVE-2020-24348 MISC |
nim -- nim | In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. | 2020-08-14 | not yet calculated | CVE-2020-15692 MISC CONFIRM |
nim -- nim | In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values. | 2020-08-14 | not yet calculated | CVE-2020-15693 MISC CONFIRM |
nim -- nim | In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length. | 2020-08-14 | not yet calculated | CVE-2020-15694 MISC CONFIRM |
pactware -- pactware | In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. | 2020-08-11 | not yet calculated | CVE-2020-9404 CONFIRM |
palo_alto_networks -- pan-os | When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server. This technique does not increase the risk of a host being compromised in the network. It does not impact the confidentiality or availability of a firewall. This is considered to have a low impact on the integrity of the firewall because the firewall fails to enforce a policy on certain traffic that should have been blocked. This issue does not impact the URL filtering policy enforcement on clear text or encrypted web transactions. This technique can be used only after a malicious actor has compromised a host in the protected network and the TLS/SSL Decryption feature is enabled for the traffic that the attacker controls. Palo Alto Networks is not aware of any malware that uses this technique to exfiltrate data. This issue is applicable to all current versions of PAN-OS. | 2020-08-12 | not yet calculated | CVE-2020-2035 CONFIRM CONFIRM |
pegasystems -- pega_platform | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. | 2020-08-13 | not yet calculated | CVE-2019-16374 MISC MISC |
phpjs -- phpjs | All versions of phpjs are vulnerable to Prototype Pollution via parse_str. | 2020-08-14 | not yet calculated | CVE-2020-7700 CONFIRM |
phpjs -- phpjs | madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. | 2020-08-14 | not yet calculated | CVE-2020-7701 CONFIRM |
pnotes -- andrey_gruber_pnotes.net | A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program. | 2020-08-14 | not yet calculated | CVE-2020-22721 MISC |
python -- python | In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. | 2020-08-14 | not yet calculated | CVE-2020-15142 MISC MISC CONFIRM MISC |
python -- python | In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. | 2020-08-14 | not yet calculated | CVE-2020-15141 MISC MISC CONFIRM MISC |
qt -- qt | An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | 2020-08-12 | not yet calculated | CVE-2020-17507 MISC MISC MISC FEDORA |
radare2 -- radare2 | radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. | 2020-08-11 | not yet calculated | CVE-2020-17487 MISC |
rapid_software -- rapid_scada | Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. | 2020-08-14 | not yet calculated | CVE-2020-22722 MISC |
readytalk -- avian | ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-08-12 | not yet calculated | CVE-2020-17360 MISC MISC |
readytalk -- avian | ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-08-12 | not yet calculated | CVE-2020-17361 MISC MISC |
rosariosis -- rosariosis | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | 2020-08-12 | not yet calculated | CVE-2020-13278 MISC MISC CONFIRM |
securepoint -- securepoint_ssl_vpn_client | A local privilege escalation vulnerability in SPSSLVpnService.exe in Securepoint GmbH from Lueneburg Securepoint SSL VPN Client 2.0.28 allows a local attacker to gain privileges via a crafted malicious exe and perform unauthorized actions. | 2020-08-14 | not yet calculated | CVE-2020-22720 MISC |
shenzhen_hichip_vision_technology -- multiple_devices | Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. | 2020-08-10 | not yet calculated | CVE-2020-9528 MISC MISC |
shenzhen_hichip_vision_technology -- multiple_devices | Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. | 2020-08-10 | not yet calculated | CVE-2020-9527 MISC MISC |
shenzhen_hichip_vision_technology -- multiple_devices | Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device's administrator password. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. | 2020-08-10 | not yet calculated | CVE-2020-9529 MISC MISC |
siemens -- automation_license_manager | A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify files that should be protected against writing. | 2020-08-14 | not yet calculated | CVE-2020-7583 MISC |
siemens -- desigo_cc_and_desigo_cc_compact | A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges. | 2020-08-14 | not yet calculated | CVE-2020-10055 MISC MISC |
siemens -- sicam_a8000_rtu_devices | A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromise the confidentiality, integrity and availability of the web application. | 2020-08-14 | not yet calculated | CVE-2020-15781 MISC |
smartcontrol -- smartcontrol | An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) | 2020-08-13 | not yet calculated | CVE-2020-7360 MISC |
sonatype -- nexus_repository_manager | Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | 2020-08-12 | not yet calculated | CVE-2020-15868 CONFIRM |
spirent -- testcenter_and_avalanche | An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products with chassis version <= 5.08. The SSH restricted shell is available with default credentials. | 2020-08-13 | not yet calculated | CVE-2020-11733 MISC MISC |
st_engineering -- vpncrypt_m10 | The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allows full control over this module's Operating System. | 2020-08-12 | not yet calculated | CVE-2020-12107 MISC MISC |
st_engineering -- vpncrypt_m10 | The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST requests to several critical administrative functions, such as changing the credentials of the Administrator account or connecting the product to a rogue access point. | 2020-08-12 | not yet calculated | CVE-2020-12106 MISC MISC |
textpattern -- textpattern | In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | 2020-08-14 | not yet calculated | CVE-2015-8032 CONFIRM CONFIRM |
textpattern -- textpattern | In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | 2020-08-14 | not yet calculated | CVE-2015-8033 CONFIRM CONFIRM |
tridium -- niagara_and_niagara_enterprise_security | A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct. | 2020-08-13 | not yet calculated | CVE-2020-14483 MISC |
trousers -- trousers | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | 2020-08-13 | not yet calculated | CVE-2020-24330 MLIST MISC MISC MISC |
trousers -- trousers | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). | 2020-08-13 | not yet calculated | CVE-2020-24331 MLIST MISC MISC MISC |
trousers -- trousers | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | 2020-08-13 | not yet calculated | CVE-2020-24332 MLIST MISC MISC MISC |
vbulletin -- vbulletin | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. | 2020-08-12 | not yet calculated | CVE-2020-17496 MISC MISC MISC |
vmware -- concourse | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team. | 2020-08-12 | not yet calculated | CVE-2020-5415 CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | 2020-08-13 | not yet calculated | CVE-2020-17498 MISC MISC MISC |
wordpress -- wordpress | A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). | 2020-08-14 | not yet calculated | CVE-2019-6112 CONFIRM MISC |
zalo -- zalo_desktop | An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file. | 2020-08-13 | not yet calculated | CVE-2020-16087 MISC MISC MISC |
zkteco -- facedepot_7b_and_zkbiosecurity_server | A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. | 2020-08-14 | not yet calculated | CVE-2020-17474 MISC |
zkteco -- facedepot_7b_and_zkbiosecurity_server | Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. | 2020-08-14 | not yet calculated | CVE-2020-17473 MISC |
zoom -- zoom | A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. | 2020-08-14 | not yet calculated | CVE-2020-9767 CONFIRM |