Vulnerability Summary for the Week of October 5, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
artica -- pandora_fms | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | 2020-10-02 | 7.5 | CVE-2020-26518 MISC |
craftercms -- studio | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. | 2020-10-06 | 9 | CVE-2020-25802 CONFIRM |
craftercms -- studio | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. | 2020-10-06 | 9 | CVE-2020-25803 MISC |
foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | 2020-10-02 | 7.5 | CVE-2020-26534 MISC |
foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | 2020-10-02 | 7.5 | CVE-2020-26539 MISC |
foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | 2020-10-02 | 7.5 | CVE-2020-26537 MISC |
foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | 2020-10-02 | 7.5 | CVE-2020-26535 MISC |
google -- android | An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020). | 2020-10-06 | 7.5 | CVE-2020-26607 MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | 2020-10-05 | 7.5 | CVE-2020-4493 XF CONFIRM |
mpd_project -- mpd | The L2TP implementation of MPD before 5.9 allows a remote attacker who can send a specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | 2020-10-06 | 7.5 | CVE-2020-7465 MISC MISC |
msi -- ambientlink_mslo64_firmware | The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050, and 0x80102054). | 2020-10-02 | 7.2 | CVE-2020-17382 MISC MISC MISC |
openmediavault -- openmediavault | openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | 2020-10-02 | 9 | CVE-2020-26124 MISC CONFIRM |
pluxml -- pluxml | class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment. | 2020-10-02 | 7.5 | CVE-2020-18185 MISC |
redhat -- libvirt | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-10-06 | 7.2 | CVE-2020-25637 MISC |
safetydance_project -- safetydance | All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | 2020-10-02 | 7.5 | CVE-2020-7737 MISC |
secudos -- domos | conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). | 2020-10-02 | 8.5 | CVE-2020-14293 MISC MISC MISC MISC MISC |
sierrawireless -- aleos | Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | 2020-10-06 | 7.5 | CVE-2020-8782 CONFIRM |
sierrawireless -- aleos | Lack of input sanitization in the UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process. | 2020-10-06 | 7.2 | CVE-2020-8781 CONFIRM |
wavlink -- wn530h4_firmware | A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. | 2020-10-02 | 10 | CVE-2020-12125 MISC MISC |
wavlink -- wn530h4_firmware | Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | 2020-10-02 | 7.5 | CVE-2020-12126 MISC MISC |
wavlink -- wn530h4_firmware | CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work. | 2020-10-02 | 7.8 | CVE-2020-12123 MISC MISC |
wavlink -- wn530h4_firmware | A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. | 2020-10-02 | 10 | CVE-2020-12124 MISC MISC |
zohocorp -- manageengine_desktop_central | An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | 2020-10-02 | 9 | CVE-2020-24397 MISC CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
artifex -- mupdf | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | 2020-10-02 | 4.3 | CVE-2020-26519 MISC MISC |
barchart -- maven_cascade_release | Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin. | 2020-10-08 | 4 | CVE-2020-2294 MLIST CONFIRM |
barchart -- maven_cascade_release | A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. | 2020-10-08 | 4.3 | CVE-2020-2295 MLIST CONFIRM |
bitdefender -- engines | A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions. | 2020-10-02 | 5 | CVE-2020-8110 MISC |
bludit -- bludit | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | 2020-10-02 | 6.4 | CVE-2020-18190 MISC |
clickstudios -- passwordstate | ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user. | 2020-10-05 | 5 | CVE-2020-26061 MISC MISC |
compass-security -- fusionauth-samlv2 | FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". | 2020-10-02 | 6.4 | CVE-2020-12676 MISC FULLDISC MISC MISC MISC |
damstratechnology -- smart_asset | Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. | 2020-10-02 | 6.4 | CVE-2020-26525 MISC MISC MISC |
damstratechnology -- smart_asset | An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password"). | 2020-10-02 | 5 | CVE-2020-26526 MISC MISC MISC |
erlang -- erlang/otp | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | 2020-10-02 | 4.3 | CVE-2020-25623 CONFIRM CONFIRM MISC |
foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | 2020-10-02 | 4.4 | CVE-2020-26538 MISC |
foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur. | 2020-10-02 | 5 | CVE-2020-26540 MISC |
getfilecloud -- filecloud | CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. | 2020-10-02 | 5 | CVE-2020-26524 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. | 2020-10-08 | 6 | CVE-2020-13339 CONFIRM MISC MISC |
google -- android | An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). | 2020-10-06 | 5 | CVE-2020-26604 MISC |
google -- android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). | 2020-10-06 | 5 | CVE-2020-26603 MISC |
google -- android | An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). | 2020-10-06 | 5 | CVE-2020-26602 MISC |
google -- android | An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). | 2020-10-06 | 5 | CVE-2020-26600 MISC |
google -- android | An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020). | 2020-10-06 | 5 | CVE-2020-26599 MISC |
google -- android | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020). | 2020-10-06 | 5 | CVE-2020-26598 MISC |
google -- android | An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020). | 2020-10-06 | 5 | CVE-2020-26597 MISC |
google -- android | An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020). | 2020-10-06 | 5 | CVE-2020-26605 MISC |
google -- android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). | 2020-10-06 | 5 | CVE-2020-26606 MISC |
google -- android | An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020). | 2020-10-06 | 5 | CVE-2020-26601 MISC |
ibm -- informix_dynamic_server | IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460. | 2020-10-08 | 4.6 | CVE-2020-4799 XF CONFIRM |
ibm -- security_access_manager | IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131. | 2020-10-06 | 4.3 | CVE-2019-4725 XF CONFIRM |
intel -- driver_&_support_assistant | Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-10-05 | 4.6 | CVE-2020-12302 MISC |
jenkins -- audit_trail | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. | 2020-10-08 | 5 | CVE-2020-2288 MLIST CONFIRM |
jenkins -- persona | Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. | 2020-10-08 | 4 | CVE-2020-2293 MLIST CONFIRM |
jenkins -- shared_objects | A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. | 2020-10-08 | 4.3 | CVE-2020-2296 MLIST CONFIRM |
linux -- linux_kernel | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | 2020-10-06 | 4.9 | CVE-2020-25641 SUSE MLIST MISC MISC MISC |
linux -- linux_kernel | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | 2020-10-02 | 6.9 | CVE-2020-26541 MISC |
livehelperchat -- live_helper_chat | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. | 2020-10-02 | 4.3 | CVE-2020-26135 MISC MISC MISC |
livehelperchat -- live_helper_chat | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. | 2020-10-02 | 4.3 | CVE-2020-26134 MISC MISC MISC |
mapfish -- print | In mapfish-print before version 3.24, a user can use the JSONP support to perform cross-site scripting. | 2020-10-02 | 4.3 | CVE-2020-15231 MISC CONFIRM |
mapfish -- print | In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style. | 2020-10-02 | 6.4 | CVE-2020-15232 MISC CONFIRM |
monocms -- monocms | MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash. | 2020-10-06 | 5 | CVE-2020-25987 MISC MISC |
monocms -- monocms | MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted). | 2020-10-07 | 5.5 | CVE-2020-25985 MISC MISC |
mpd_project -- mpd | The PPP implementation of MPD before 5.9 allows a remote attacker who can send a specifically crafted PPP authentication message to cause the daemon to read beyond the allocated memory buffer, which would result in a denial of service condition. | 2020-10-06 | 5 | CVE-2020-7466 MISC MISC |
nvidia -- virtual_gpu_manager | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution. | 2020-10-02 | 4.6 | CVE-2020-5981 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service. | 2020-10-02 | 4.6 | CVE-2020-5980 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges. | 2020-10-02 | 4.6 | CVE-2020-5979 CONFIRM |
powerdns -- authoritative | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | 2020-10-02 | 5.1 | CVE-2020-24696 MISC |
powerdns -- authoritative | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. | 2020-10-02 | 4.3 | CVE-2020-24697 CONFIRM |
powerdns -- authoritative | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | 2020-10-02 | 6.8 | CVE-2020-24698 CONFIRM |
reddoxx -- maildepot | REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | 2020-10-06 | 6.5 | CVE-2019-19200 MISC MISC MISC |
redhat -- wildfly_openssl | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. | 2020-10-06 | 5 | CVE-2020-25644 MISC MISC MISC |
requarks -- wiki.js | In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible when a storage module implementing local asset cache (e.g. Local File System or Git) is enabled and no web application firewall solution (e.g. Cloudflare) strips potentially malicious URLs. Commit 084dcd69d1591586ee4752101e675d5f0ac6dcdc fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any directory traversal (e.g. `..` and `.`) sequences as well as invalid filesystem characters from the path. As a workaround, disable any storage module with local asset caching capabilities such as Local File System and Git. | 2020-10-05 | 5 | CVE-2020-15236 MISC CONFIRM |
secudos -- qiata_fta | An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | 2020-10-02 | 4.3 | CVE-2020-14294 MISC MISC MISC MISC MISC |
shiba_project -- shiba | All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad(). | 2020-10-02 | 6.5 | CVE-2020-7738 CONFIRM |
simpl-schema_project -- simpl-schema | This affects the package simpl-schema before 1.10.2. | 2020-10-07 | 5 | CVE-2020-7742 MISC MISC |
sysaid -- sysaid_on-premises | SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | 2020-10-02 | 4.3 | CVE-2020-13168 MISC MISC |
wavlink -- wn530h4_firmware | An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | 2020-10-02 | 5 | CVE-2020-12127 MISC MISC |
wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | 2020-10-06 | 5 | CVE-2020-25862 MISC MISC MISC |
wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. | 2020-10-06 | 5 | CVE-2020-25863 MISC MISC MISC |
wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | 2020-10-06 | 5 | CVE-2020-25866 MISC MISC MISC |
wpo365 -- wordpress_+_azure_ad_/_microsoft_office_365 | The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass. | 2020-10-02 | 5 | CVE-2020-26511 MISC MISC MISC MISC |
zohocorp -- manageengine_desktop_central | A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution. | 2020-10-02 | 6.8 | CVE-2020-15589 MISC CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gitlab -- gitlab | An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. | 2020-10-02 | 3.5 | CVE-2020-13337 CONFIRM MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. | 2020-10-02 | 3.5 | CVE-2020-13338 CONFIRM MISC |
jenkins -- active_choices | Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-10-08 | 3.5 | CVE-2020-2289 MLIST CONFIRM |
jenkins -- active_choices | Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-10-08 | 3.5 | CVE-2020-2290 MLIST CONFIRM |
jenkins -- couchdb-statistics | Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2020-10-08 | 2.1 | CVE-2020-2291 MLIST CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service. | 2020-10-02 | 2.1 | CVE-2020-5982 CONFIRM |
qemu -- qemu | pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. | 2020-10-06 | 2.1 | CVE-2020-25742 CONFIRM MISC MISC MISC |
qemu -- qemu | hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. | 2020-10-06 | 2.1 | CVE-2020-25743 CONFIRM MISC MISC MISC |
redhat -- ansible | A flaw was found in Ansible Base when using the aws_ssm connection plugin, as there is no namespace separation for file transfers. Files are written directly to the root bucket, making it possible to have collisions when running multiple ansible processes. This issue mainly affects service availability. | 2020-10-05 | 3.6 | CVE-2020-25636 CONFIRM MISC |
redhat -- ansible | A flaw was found in Ansible Base when using the aws_ssm connection plugin, as garbage collection does not happen after the playbook run is completed. Files would remain in the bucket, exposing the data. This issue directly affects data confidentiality. | 2020-10-05 | 2.1 | CVE-2020-25635 CONFIRM MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- calcite | The HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk, so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class, so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore. | 2020-10-09 | not yet calculated | CVE-2020-13955 MISC |
atlassian -- jira_server_and_data_center | Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1. | 2020-10-06 | not yet calculated | CVE-2020-14183 MISC |
bosh_systems -- metrics_server | BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). | 2020-10-02 | not yet calculated | CVE-2020-5422 CONFIRM |
cisco -- asr_5000_series_routers | A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device. | 2020-10-08 | not yet calculated | CVE-2020-3601 CISCO |
cisco -- asr_5000_series_routers | A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command. | 2020-10-08 | not yet calculated | CVE-2020-3602 CISCO |
cisco -- email_security_appliance | A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | 2020-10-08 | not yet calculated | CVE-2020-3568 CISCO |
cisco -- expressway_series_and_telepresence_video_communication_server | A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition. | 2020-10-08 | not yet calculated | CVE-2020-3596 CISCO |
cisco -- firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by first entering input within the web-based management interface and then persuading a user of the interface to view the crafted input within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-10-08 | not yet calculated | CVE-2020-3320 CISCO |
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | 2020-10-08 | not yet calculated | CVE-2020-3589 CISCO |
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. | 2020-10-08 | not yet calculated | CVE-2020-3467 CISCO |
cisco -- industrial_network_director | A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND. | 2020-10-08 | not yet calculated | CVE-2020-3567 CISCO |
cisco -- nexus_data_broker_software | A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device. | 2020-10-08 | not yet calculated | CVE-2020-3597 CISCO |
cisco -- sd-wan_vmanage_software | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. | 2020-10-08 | not yet calculated | CVE-2020-3536 CISCO |
cisco -- video_surveillance_8000_series_ip_cameras | A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload. This vulnerability is due to missing checks when an IP camera processes a Cisco Discovery Protocol packet. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-10-08 | not yet calculated | CVE-2020-3544 CISCO |
cisco -- video_surveillance_8000_series_ip_cameras | A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-10-08 | not yet calculated | CVE-2020-3543 CISCO |
cisco -- vision_dynamic_signage_director | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes. | 2020-10-08 | not yet calculated | CVE-2020-3598 CISCO |
cisco -- webex_teams | A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account. | 2020-10-08 | not yet calculated | CVE-2020-3535 CISCO |
cloudflare -- cloudflared | `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. | 2020-10-02 | not yet calculated | CVE-2020-24356 CONFIRM |
cmonos.jp -- cmonos.jp | Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | 2020-10-06 | not yet calculated | CVE-2020-5631 MISC MISC MISC |
connectwise -- automate | The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | 2020-10-09 | not yet calculated | CVE-2020-15838 MISC CONFIRM |
contao -- contao | Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. | 2020-10-07 | not yet calculated | CVE-2020-25768 MISC CONFIRM |
cuppacms -- cuppacms | The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote arbitrary code execution. | 2020-10-05 | not yet calculated | CVE-2020-26048 MISC |
cure53 -- dompurify | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | 2020-10-07 | not yet calculated | CVE-2020-26870 MISC MISC MISC |
d-link -- dap-1360u_devices | D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | 2020-10-06 | not yet calculated | CVE-2020-26582 CONFIRM MISC |
d-link -- dsr-250n_devices | An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. | 2020-10-08 | not yet calculated | CVE-2020-26567 MISC MISC MISC |
damstra -- smart_asset | An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header. | 2020-10-02 | not yet calculated | CVE-2020-26527 MISC MISC MISC |
debian -- sympa.postinst | debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) | 2020-10-10 | not yet calculated | CVE-2020-26932 MISC MISC |
dell -- emc_openmanage_integration_for_microsoft_system_center_for_sccm_and_scvmm | Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs. | 2020-10-08 | not yet calculated | CVE-2020-5389 MISC |
elecom -- lan_routers | ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors. | 2020-10-06 | not yet calculated | CVE-2020-5634 MISC MISC |
electron -- electron | In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1, the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1. As a workaround, sandbox all your iframes using the sandbox attribute. This will prevent them from creating top-frame navigations and is good practice anyway. | 2020-10-06 | not yet calculated | CVE-2020-15174 MISC CONFIRM |
electron -- electron | Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. | 2020-10-06 | not yet calculated | CVE-2020-15215 CONFIRM |
emby -- emby_server | Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | 2020-10-10 | not yet calculated | CVE-2020-26948 MISC MISC |
facebook -- hermes | A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2020-10-08 | not yet calculated | CVE-2020-1914 CONFIRM CONFIRM |
faulkner_press -- wildlife_issues_in_the_new_millennium | Faulkner Wildlife Issues in the New Millennium 18.0.160 on Windows allows local, low-privileged users to gain privileges by creating a malicious "%SYSTEMDRIVE%\Course Software Material 18.0.1.9\cmd.exe" file. | 2020-10-08 | not yet calculated | CVE-2020-26894 MISC |
forma.lms -- forma.lms | forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover. | 2020-10-08 | not yet calculated | CVE-2020-26802 MISC |
garfield -- petshop | A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | 2020-10-09 | not yet calculated | CVE-2020-26522 MISC MISC MISC MISC |
getsimple -- getsimple_cms | GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | 2020-10-02 | not yet calculated | CVE-2020-18191 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | 2020-10-06 | not yet calculated | CVE-2020-13343 CONFIRM MISC MISC |
gitlab -- gitlab | Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | 2020-10-07 | not yet calculated | CVE-2020-13346 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes | 2020-10-06 | not yet calculated | CVE-2020-13345 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis. | 2020-10-08 | not yet calculated | CVE-2020-13344 CONFIRM MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 2020-10-07 | not yet calculated | CVE-2020-13342 CONFIRM MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | 2020-10-08 | not yet calculated | CVE-2020-13340 CONFIRM MISC MISC |
gitlab -- gitlab | Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group. | 2020-10-07 | not yet calculated | CVE-2020-13335 CONFIRM MISC MISC |
gitlab -- gitlab | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query. | 2020-10-07 | not yet calculated | CVE-2020-13334 CONFIRM MISC MISC |
gitlab -- gitlab | A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. | 2020-10-06 | not yet calculated | CVE-2020-13333 CONFIRM MISC MISC |
gitlab -- gitlab | Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows a user to have access to projects with expiration. | 2020-10-07 | not yet calculated | CVE-2020-13332 CONFIRM MISC MISC |
gitlab -- gitlab | A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable. | 2020-10-07 | not yet calculated | CVE-2020-13347 CONFIRM MISC MISC |
glibc -- glib2 | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | 2020-10-06 | not yet calculated | CVE-1999-0199 MISC MISC MISC |
glpi-project -- glpi | In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory. | 2020-10-07 | not yet calculated | CVE-2020-15226 CONFIRM CONFIRM |
glpi-project -- glpi | In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ. | 2020-10-07 | not yet calculated | CVE-2020-15217 CONFIRM CONFIRM |
glpi-project -- glpi | In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection. Since authentication is not required to perform these changes, anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript, it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2. | 2020-10-07 | not yet calculated | CVE-2020-15177 CONFIRM CONFIRM |
glpi-project -- glpi | In GLPI before version 9.5.2, when a back tick is supplied in input that gets put into a SQL query, the application does not escape or sanitize it, allowing SQL Injection to occur. Leveraging this vulnerability, an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2. | 2020-10-07 | not yet calculated | CVE-2020-15176 CONFIRM CONFIRM |
glpi-project -- glpi | In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. The sensitive information that is compromised includes user sessions, logs, and more. An attacker would be able to get the Administrator's session token and use that to authenticate. The issue is patched in version 9.5.2. | 2020-10-07 | not yet calculated | CVE-2020-15175 MISC CONFIRM |
hapi_fhir -- hapi_fhir | Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. | 2020-10-08 | not yet calculated | CVE-2020-24301 MISC |
hcl -- appscan_enterprise | HCL AppScan Enterprise makes use of a broken or risky cryptographic algorithm to store REST API user details. | 2020-10-06 | not yet calculated | CVE-2019-4325 MISC |
hcl -- appscan_enterprise | The HCL AppScan Enterprise security rules update administration section of the web application console is missing the HTTP Strict-Transport-Security header. | 2020-10-06 | not yet calculated | CVE-2019-4326 MISC |
hellojs -- hellojs | This affects the package hellojs before 1.18.6. The code gets the oauth_redirect parameter from the URL and passes it to location.assign without any check or sanitisation, so an XSS payload such as javascript:alert(1) can be passed in the oauth_redirect URL parameter. | 2020-10-06 | not yet calculated | CVE-2020-7741 MISC MISC MISC |
hewlett_packard_enterprise -- kvm_ip_console_switches | A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 2020-10-02 | not yet calculated | CVE-2020-24628 MISC |
hewlett_packard_enterprise -- kvm_ip_console_switches | A remote stored XSS vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 2020-10-02 | not yet calculated | CVE-2020-24627 MISC |
hisilicon -- iptv/h.264/h.265_video_encoders | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | 2020-10-06 | not yet calculated | CVE-2020-24215 MISC MISC |
hisilicon -- iptv/h.264/h.265_video_encoders | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. | 2020-10-06 | not yet calculated | CVE-2020-24217 MISC MISC |
hisilicon -- iptv/h.264/h.265_video_encoders | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. | 2020-10-06 | not yet calculated | CVE-2020-24216 MISC MISC |
hisilicon -- iptv/h.264/h.265_video_encoders | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device. | 2020-10-06 | not yet calculated | CVE-2020-24214 MISC MISC |
huawei -- taurus-an00b | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Because the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by performing a series of operations. Successful exploitation may cause the service to become abnormal. | 2020-10-09 | not yet calculated | CVE-2020-9105 MISC |
ibm -- mq_appliance | IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | 2020-10-06 | not yet calculated | CVE-2020-4528 XF CONFIRM |
ibm -- qradar_siem | IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140. | 2020-10-08 | not yet calculated | CVE-2020-4280 XF CONFIRM |
ibm -- qradar_siem | IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. IBM X-Force ID: 165877. | 2020-10-08 | not yet calculated | CVE-2019-4545 XF CONFIRM |
impresscms -- impresscms | ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. | 2020-10-07 | not yet calculated | CVE-2020-17551 MISC MISC |
intel -- core_and_celeron_4000_and_5000series_processors | Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. | 2020-10-05 | not yet calculated | CVE-2019-14558 MISC |
intel -- core_and_celeron_4000_and_5000series_processors | Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access. | 2020-10-05 | not yet calculated | CVE-2019-14556 MISC |
intel -- core_and_celeron_4000_and_5000series_processors | Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access. | 2020-10-05 | not yet calculated | CVE-2019-14557 MISC |
intel -- core_and_celeron_4000_series_processors | Insufficient control flow management in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access. | 2020-10-05 | not yet calculated | CVE-2020-8671 MISC |
intel -- core_and_pentium_silver_processor_series | Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access. | 2020-10-05 | not yet calculated | CVE-2020-0571 MISC |
jenkins -- jenkins | Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-10-08 | not yet calculated | CVE-2020-2298 MLIST CONFIRM |
jenkins -- jenkins | Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | 2020-10-08 | not yet calculated | CVE-2020-2286 MLIST CONFIRM |
jenkins -- jenkins | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. | 2020-10-08 | not yet calculated | CVE-2020-2287 MLIST CONFIRM |
jenkins -- jenkins | Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | 2020-10-08 | not yet calculated | CVE-2020-2292 MLIST CONFIRM |
jenkins -- jenkins | Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2020-10-08 | not yet calculated | CVE-2020-2297 MLIST CONFIRM |
johnson_controls -- american_dynamics_victor_web_client | A vulnerability in victor Web Client versions up to and including v5.4.1 could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. | 2020-10-08 | not yet calculated | CVE-2020-9048 CERT CONFIRM |
json-pointer -- json-pointer | This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported. | 2020-10-05 | not yet calculated | CVE-2020-7709 MISC MISC MISC |
kde -- connect | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 2020-10-07 | not yet calculated | CVE-2020-26164 SUSE SUSE MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC CONFIRM |
leostream -- connection_broker | ** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-10-06 | not yet calculated | CVE-2020-26574 MISC MISC |
linux -- linux_kernel | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-10-06 | not yet calculated | CVE-2020-25643 SUSE MISC MISC |
mb_connect_line -- mymbconnect24_and_mbconnect24 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. | 2020-10-02 | not yet calculated | CVE-2020-24568 CONFIRM |
mcafee -- file_and_removable_media_protection | Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered. | 2020-10-07 | not yet calculated | CVE-2020-7316 MISC |
mikrotik -- routeros | An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. | 2020-10-07 | not yet calculated | CVE-2019-16160 CONFIRM MISC MISC |
mitsubishi_electric -- multiple_products | Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. | 2020-10-05 | not yet calculated | CVE-2020-16226 MISC |
monero -- monero_gui | monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | 2020-10-10 | not yet calculated | CVE-2020-26947 MISC |
monocms_blog -- monocms_blog | A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user. | 2020-10-06 | not yet calculated | CVE-2020-25986 MISC MISC |
mozilla -- firefox_and_firefox_for_android | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | 2020-10-08 | not yet calculated | CVE-2020-12400 MISC MISC MISC |
mozilla -- firefox_and_firefox_for_android | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | 2020-10-08 | not yet calculated | CVE-2020-12401 MISC MISC MISC |
mozilla -- thunderbird | If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0. | 2020-10-08 | not yet calculated | CVE-2020-15646 MISC MISC |
mybatis -- mybatis | MyBatis before 3.5.6 mishandles deserialization of object streams. | 2020-10-10 | not yet calculated | CVE-2020-26945 MISC MISC |
nahimic -- apo_software_component_driver | An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges. | 2020-10-08 | not yet calculated | CVE-2019-19115 MISC |
nec_corporation -- infocage_siteshell_series | InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via specially crafted executable files. | 2020-10-06 | not yet calculated | CVE-2020-5632 MISC MISC |
netgear -- ex7700_devices | NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | 2020-10-09 | not yet calculated | CVE-2020-26930 MISC |
netgear -- gs808e_devices | NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. | 2020-10-09 | not yet calculated | CVE-2020-26925 MISC |
netgear -- jgs516pe_devices | NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | 2020-10-09 | not yet calculated | CVE-2020-26919 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | not yet calculated | CVE-2020-26912 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. | 2020-10-09 | not yet calculated | CVE-2020-26921 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26926 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 2020-10-09 | not yet calculated | CVE-2020-26931 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48. | 2020-10-09 | not yet calculated | CVE-2020-26909 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | not yet calculated | CVE-2020-26910 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | not yet calculated | CVE-2020-26911 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | not yet calculated | CVE-2020-26908 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-10-09 | not yet calculated | CVE-2020-26915 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40. | 2020-10-09 | not yet calculated | CVE-2020-26913 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | not yet calculated | CVE-2020-26914 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 2020-10-09 | not yet calculated | CVE-2020-26922 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. | 2020-10-09 | not yet calculated | CVE-2020-26916 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. | 2020-10-09 | not yet calculated | CVE-2020-26917 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. | 2020-10-09 | not yet calculated | CVE-2020-26918 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. | 2020-10-09 | not yet calculated | CVE-2020-26920 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26905 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 2020-10-09 | not yet calculated | CVE-2020-26923 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | not yet calculated | CVE-2020-26927 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26928 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | 2020-10-09 | not yet calculated | CVE-2020-26907 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26906 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26904 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | not yet calculated | CVE-2020-26902 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | not yet calculated | CVE-2020-26901 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | not yet calculated | CVE-2020-26900 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26899 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26897 MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | not yet calculated | CVE-2020-26903 MISC |
netgear -- r6220_and_r6230_devices | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. | 2020-10-09 | not yet calculated | CVE-2020-26929 MISC |
netgear -- rax40_devices | NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. | 2020-10-09 | not yet calculated | CVE-2020-26898 MISC |
netgear -- wac720_and_wac730_devices | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. | 2020-10-09 | not yet calculated | CVE-2020-26924 MISC |
next.js -- next.js | Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users, although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. The issue is fixed in version 9.5.4. | 2020-10-08 | not yet calculated | CVE-2020-15242 CONFIRM MISC |
nextcloud -- nextcloud_deck | Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | 2020-10-05 | not yet calculated | CVE-2020-8182 MISC MISC |
nextcloud -- nextcloud_deck | Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 2020-10-05 | not yet calculated | CVE-2020-8235 MISC MISC |
nextcloud -- nextcloud_server | A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | 2020-10-05 | not yet calculated | CVE-2020-8223 MISC MISC |
node-pdf-generator -- node-pdf-generator | This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | 2020-10-06 | not yet calculated | CVE-2020-7740 MISC MISC |
node.js -- node.js | ** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-10-06 | not yet calculated | CVE-2020-24807 MISC MISC MISC MISC |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5988 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5983 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5986 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5989 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which a use-after-free may occur while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5984 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5987 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5985 CONFIRM |
oneplus -- app_locker | OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. | 2020-10-09 | not yet calculated | CVE-2020-13626 MISC MISC |
opensc -- opensc | The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | 2020-10-06 | not yet calculated | CVE-2020-26572 MISC MISC |
opensc -- opensc | The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. | 2020-10-06 | not yet calculated | CVE-2020-26571 MISC |
opensc -- opensc | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | 2020-10-06 | not yet calculated | CVE-2020-26570 MISC MISC |
ory -- fosite | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint were compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback, then perform an OAuth2 flow requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request for example). This vulnerability has been patched in ORY Fosite v0.34.1. | 2020-10-02 | not yet calculated | CVE-2020-15234 MISC CONFIRM |
ory -- fosite | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1. | 2020-10-02 | not yet calculated | CVE-2020-15233 MISC CONFIRM |
peplink -- balance | Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | 2020-10-07 | not yet calculated | CVE-2020-24246 MISC MISC |
phantomjs -- phantomjs | This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | 2020-10-06 | not yet calculated | CVE-2020-7739 CONFIRM CONFIRM |
php -- php | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus allowing an attacker to forge a cookie which is supposed to be secure. See also CVE-2020-8184 for more information. | 2020-10-02 | not yet calculated | CVE-2020-7070 MISC MISC MISC MLIST FEDORA FEDORA FEDORA |
php -- php | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data. | 2020-10-02 | not yet calculated | CVE-2020-7069 MISC FEDORA FEDORA FEDORA |
phpgurukul -- hostel-management-system | PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | 2020-10-08 | not yet calculated | CVE-2020-25270 MISC MISC |
phpgurukul -- hostel-management-system-in-php | PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | 2020-10-08 | not yet calculated | CVE-2020-25271 MISC MISC |
phpmyadmin -- phpmyadmin | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. | 2020-10-10 | not yet calculated | CVE-2020-26935 MISC |
phpmyadmin -- phpmyadmin | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 2020-10-10 | not yet calculated | CVE-2020-26934 MISC |
preferred_providers_app -- preferred_providers_app | A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled number of times. | 2020-10-05 | not yet calculated | CVE-2020-8228 SUSE MISC MISC |
projectworlds -- car_rental_management_system | A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login. | 2020-10-06 | not yet calculated | CVE-2020-23832 MISC MISC MISC |
pyrocms -- pyrocms | PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. | 2020-10-08 | not yet calculated | CVE-2020-25263 MISC MISC MISC |
pyrocms -- pyrocms | PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. | 2020-10-08 | not yet calculated | CVE-2020-25262 MISC MISC MISC |
qdpm -- qdpm | The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task. | 2020-10-05 | not yet calculated | CVE-2020-26166 MISC MISC MISC |
qemu -- qemu | fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. | 2020-10-02 | not yet calculated | CVE-2020-25741 CONFIRM MISC MISC CONFIRM |
ractf -- ractf | In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched. | 2020-10-05 | not yet calculated | CVE-2020-15235 MISC CONFIRM |
ruby -- ruby | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. | 2020-10-06 | not yet calculated | CVE-2020-25613 CONFIRM MISC CONFIRM |
shrine -- shrine | In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory. | 2020-10-05 | not yet calculated | CVE-2020-15237 MISC CONFIRM |
smarter -- coffee_maker | ** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-10-07 | not yet calculated | CVE-2020-15501 MISC |
smartstore -- smartstore | Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating, uninstall the Web API plugin to close this vulnerability. | 2020-10-08 | not yet calculated | CVE-2020-15243 CONFIRM |
soplanning -- soplanning | SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication. | 2020-10-07 | not yet calculated | CVE-2020-25867 MISC |
sourcecodester -- online_bus_booking_system | In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | 2020-10-08 | not yet calculated | CVE-2020-25272 MISC MISC |
sourcecodester -- online_bus_booking_system | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | 2020-10-08 | not yet calculated | CVE-2020-25273 MISC MISC |
spice -- spice_remote_display_system | Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. | 2020-10-07 | not yet calculated | CVE-2020-14355 MISC DEBIAN MISC |
symmetricds -- symmetricds | Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | 2020-10-05 | not yet calculated | CVE-2020-24231 MISC |
sympa -- sympa | Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. | 2020-10-07 | not yet calculated | CVE-2020-26880 MISC MISC MISC |
symphony_cms -- symphony_cms | Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php. | 2020-10-07 | not yet calculated | CVE-2020-25343 MISC |
trend_micro -- antivirus_for_mac_2020 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2020-10-02 | not yet calculated | CVE-2020-25776 N/A N/A |
typo3 -- fluid_engine | TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1). | 2020-10-08 | not yet calculated | CVE-2020-15241 MISC CONFIRM MISC |
uraytech -- iptv/h.264/h.265_video_encoders | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password. | 2020-10-06 | not yet calculated | CVE-2020-24219 MISC MISC |
uraytech -- iptv/h.264/h.265_video_encoders | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | 2020-10-06 | not yet calculated | CVE-2020-24218 MISC MISC |
vapor -- vapor | Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4. | 2020-10-02 | not yet calculated | CVE-2020-15230 MISC MISC CONFIRM |
whatsapp -- whatsapp | Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message. | 2020-10-06 | not yet calculated | CVE-2020-1901 CONFIRM |
whatsapp -- whatsapp | A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP. | 2020-10-06 | not yet calculated | CVE-2020-1902 CONFIRM |
whatsapp -- whatsapp | An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts. | 2020-10-06 | not yet calculated | CVE-2020-1903 CONFIRM |
whatsapp -- whatsapp | Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated. | 2020-10-06 | not yet calculated | CVE-2020-1905 CONFIRM |
whatsapp -- whatsapp | A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages. | 2020-10-06 | not yet calculated | CVE-2020-1904 CONFIRM |
whatsapp -- whatsapp | A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header. | 2020-10-06 | not yet calculated | CVE-2020-1907 CONFIRM |
whatsapp -- whatsapp | A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams. | 2020-10-06 | not yet calculated | CVE-2020-1906 CONFIRM |
wireshark -- wireshark | In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | 2020-10-06 | not yet calculated | CVE-2020-26575 MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. | 2020-10-07 | not yet calculated | CVE-2020-26596 MISC MISC |
wordpress -- wordpress | The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist). | 2020-10-07 | not yet calculated | CVE-2020-26876 MISC MISC MISC |
xerox -- workcentre_ec7836 | Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. | 2020-10-09 | not yet calculated | CVE-2020-26162 MISC CONFIRM |
xmpp-http-upload -- xmpp-http-upload | In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or other limitations on the outbound (GET) traffic. For example, in a scenario where a single server has multiple instances of the application running (with separate DATA_ROOT settings), an attacker who has knowledge about the directory structure is able to read files from any other instance to which the process has read access. If instances have individual authentication (for example, HTTP authentication via a reverse proxy, source IP based filtering) or other restrictions (such as quotas), attackers may circumvent those limits in such a scenario by using the Directory Traversal to retrieve data from the other instances. If the associated XMPP server (or anyone knowing the SECRET_KEY) is malicious, they can write files outside the DATA_ROOT. The files which are written are constrained to have the `.meta` and the `.data` suffixes; the `.meta` file will contain the JSON with the Content-Type of the original request and the `.data` file will contain the payload. The issue is patched in version 0.4.0. | 2020-10-06 | not yet calculated | CVE-2020-15239 MISC MISC CONFIRM MISC |
zabbix -- zabbix_server | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | 2020-10-07 | not yet calculated | CVE-2020-11800 MISC CONFIRM CONFIRM CONFIRM |
zoho -- manageengine_applications_manager | Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | 2020-10-08 | not yet calculated | CVE-2020-10816 MISC CONFIRM |
zoho -- manageengine_applications_manager | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | 2020-10-06 | not yet calculated | CVE-2020-15927 MISC CONFIRM CONFIRM |
zoho -- manageengine_applications_manager | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | 2020-10-06 | not yet calculated | CVE-2020-16267 MISC CONFIRM CONFIRM |
zte -- zxone_1970_snpe | A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | 2020-10-05 | not yet calculated | CVE-2020-6875 MISC |