Vulnerability Summary for the Week of November 16, 2020

Released: Nov 23, 2020
Document ID: SB20-328

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
golang -- go | Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. | 2020-11-18 | 7.5 | CVE-2020-28367 MISC CONFIRM MLIST MLIST FEDORA
golang -- go | Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. | 2020-11-18 | 7.5 | CVE-2020-28366 MISC CONFIRM MLIST FEDORA
jetbrains -- toolbox | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | 2020-11-16 | 10 | CVE-2020-25207 MISC CONFIRM
riken -- xoonips | Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | 2020-11-16 | 7.5 | CVE-2020-5664 MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
chronoengine -- chronoforums | Chronoforums 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed. | 2020-11-16 | 4.3 | CVE-2020-27459 MISC
cmsuno_project -- cmsuno | An authenticated attacker can inject malicious code into the "lang" parameter in the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server. | 2020-11-13 | 6.5 | CVE-2020-25538 MISC
golang -- go | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | 2020-11-18 | 5 | CVE-2020-28362 CONFIRM MLIST FEDORA
intel -- proset/wireless_wifi | Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-11-13 | 5.8 | CVE-2020-12313 MISC
ivanti -- endpoint_manager | LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | 2020-11-16 | 6.5 | CVE-2020-13769 MISC MISC
ivanti -- endpoint_manager | In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | 2020-11-16 | 5 | CVE-2020-13772 MISC MISC
jetbrains -- toolbox | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | 2020-11-16 | 5 | CVE-2020-25013 MISC CONFIRM
jetbrains -- youtrack | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | 2020-11-16 | 5 | CVE-2020-25210 MISC CONFIRM
jetbrains -- youtrack | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | 2020-11-16 | 5 | CVE-2020-27626 MISC CONFIRM
jetbrains -- youtrack | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | 2020-11-16 | 5 | CVE-2020-27625 MISC
jetbrains -- youtrack | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | 2020-11-16 | 5 | CVE-2020-27624 MISC CONFIRM
jetbrains -- youtrack | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | 2020-11-16 | 5 | CVE-2020-25209 MISC CONFIRM
microfocus -- arcsight_logger | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). | 2020-11-17 | 4.3 | CVE-2020-11860 CONFIRM
microfocus -- arcsight_logger | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). | 2020-11-17 | 4.3 | CVE-2020-25834 CONFIRM
netapp -- hci | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | 2020-11-13 | 5 | CVE-2020-8583 MISC
netapp -- hci | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | 2020-11-13 | 4 | CVE-2020-8582 MISC
pixar -- openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. | 2020-11-13 | 6.8 | CVE-2020-6147 FULLDISC MISC
pixar -- openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. | 2020-11-13 | 6.8 | CVE-2020-6156 MISC
pixar -- openusd | A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 2020-11-13 | 6.8 | CVE-2020-6155 MISC
pixar -- openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. | 2020-11-13 | 6.8 | CVE-2020-6150 MISC
pixar -- openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. | 2020-11-13 | 6.8 | CVE-2020-6149 MISC
pixar -- openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. | 2020-11-13 | 6.8 | CVE-2020-6148 MISC
postgresql -- postgresql | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-11-16 | 6.5 | CVE-2020-25695 MISC MISC
postgresql -- postgresql | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-11-16 | 6.8 | CVE-2020-25694 MISC MISC
riken -- xoonips | SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2020-11-16 | 6.5 | CVE-2020-5659 MISC MISC
riken -- xoonips | Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 2020-11-16 | 4 | CVE-2020-5663 MISC MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | 2020-11-13 | 2.1 | CVE-2020-4886 XF CONFIRM
jetbrains -- youtrack | Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. | 2020-11-16 | 2.1 | CVE-2020-24366 MISC CONFIRM
microfocus -- filr | Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. | 2020-11-17 | 3.5 | CVE-2020-25832 CONFIRM
microfocus -- idol | Persistent Cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | 2020-11-17 | 3.5 | CVE-2020-25833 CONFIRM
nagios -- nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | 2020-11-16 | 3.5 | CVE-2020-27988 CONFIRM
nagios -- nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | 2020-11-16 | 3.5 | CVE-2020-27989 CONFIRM
nagios -- nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | 2020-11-16 | 3.5 | CVE-2020-27990 CONFIRM
nagios -- nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 2020-11-16 | 3.5 | CVE-2020-27991 CONFIRM
riken -- xoonips | Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 2020-11-16 | 3.5 | CVE-2020-5662 MISC MISC
salesagility -- suitecrm | SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | 2020-11-18 | 3.5 | CVE-2020-14208 MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
airleader -- master_and_easy_devices | Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. | 2020-11-16 | not yet calculated | CVE-2020-26509 MISC
airleader -- master_devices | Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | 2020-11-16 | not yet calculated | CVE-2020-26510 MISC
amazon -- amazon_web_services_encryption_sdk | A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to version 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique ciphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later. | 2020-11-16 | not yet calculated | CVE-2020-8897 CONFIRM CONFIRM
anuku -- time_tracker | Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox. | 2020-11-16 | not yet calculated | CVE-2020-27423 MISC
anuku -- time_tracker | In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account. | 2020-11-16 | not yet calculated | CVE-2020-27422 MISC MISC
apache -- libapreq2 | A flaw in the libapreq2 v2.07 to v2.13 multipart parser can dereference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | 2020-11-19 | not yet calculated | CVE-2019-12412 MISC MISC
apache -- openoffice | A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. | 2020-11-17 | not yet calculated | CVE-2020-13958 MISC
archive_tar -- archive_tar | Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | 2020-11-19 | not yet calculated | CVE-2020-28949 MISC
archive_tar -- archive_tar | Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | 2020-11-19 | not yet calculated | CVE-2020-28948 MISC
artworks_gallery -- artworks_gallery | The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | 2020-11-17 | not yet calculated | CVE-2020-28688 MISC MISC
artworks_gallery -- artworks_gallery | The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | 2020-11-17 | not yet calculated | CVE-2020-28687 MISC MISC
avaya -- weblm | An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | 2020-11-13 | not yet calculated | CVE-2020-7032 MISC FULLDISC CONFIRM
aviatrix -- cloud_controller | An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | 2020-11-17 | not yet calculated | CVE-2020-26550 MISC
aviatrix -- cloud_controller | An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | 2020-11-17 | not yet calculated | CVE-2020-26548 MISC
aviatrix -- cloud_controller | An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | 2020-11-17 | not yet calculated | CVE-2020-26549 MISC
aviatrix -- cloud_controller | An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | 2020-11-17 | not yet calculated | CVE-2020-26551 MISC
aviatrix -- cloud_controller | An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | 2020-11-17 | not yet calculated | CVE-2020-26552 MISC
aviatrix -- cloud_controller | An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | 2020-11-17 | not yet calculated | CVE-2020-26553 MISC
avid_cloud_solutions -- cloudavid_pparam | Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | 2020-11-16 | not yet calculated | CVE-2020-28723 MISC MISC
avideo -- avideo | There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file. | 2020-11-16 | not yet calculated | CVE-2020-23490 MISC MISC
avideo -- avideo | The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. | 2020-11-16 | not yet calculated | CVE-2020-23489 MISC MISC
basetech -- ge-131-1837836_firmware | A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information. | 2020-11-17 | not yet calculated | CVE-2020-27553 MISC
basetech -- ge-131-1837836_firmware | Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | 2020-11-17 | not yet calculated | CVE-2020-27555 MISC
basetech -- ge-131-1837836_firmware | Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | 2020-11-17 | not yet calculated | CVE-2020-27558 MISC
basetech -- ge-131-1837836_firmware | Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. | 2020-11-17 | not yet calculated | CVE-2020-27557 MISC
basetech -- ge-131-1837836_firmware | Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | 2020-11-17 | not yet calculated | CVE-2020-27554 MISC
basetech -- ge-131-1837836_firmware | A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. | 2020-11-17 | not yet calculated | CVE-2020-27556 MISC
beckhoff_automation -- twincat | The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. | 2020-11-19 | not yet calculated | CVE-2020-12510 CONFIRM
bejing_liangiing_zhicheng_technology -- ltd_ljcmsshop | A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. | 2020-11-18 | not yet calculated | CVE-2020-22723 MISC MISC
bernd_bestel -- grocy | Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. | 2020-11-18 | not yet calculated | CVE-2020-25454 MISC
big-ip -- big-ip_platforms | In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). | 2020-11-19 | not yet calculated | CVE-2020-5947 CONFIRM
bigbluebutton -- bigbluebutton | In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. | 2020-11-19 | not yet calculated | CVE-2020-28953 MISC MISC
bigbluebutton -- bigbluebutton | web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | 2020-11-19 | not yet calculated | CVE-2020-28954 MISC MISC MISC MISC
binarynights -- forklift | BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool. | 2020-11-17 | not yet calculated | CVE-2020-27192 MISC
binarynights -- forklift | BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. | 2020-11-17 | not yet calculated | CVE-2020-15349 CONFIRM MISC
canon -- oce_colorwave_3500_devices | The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | 2020-11-16 | not yet calculated | CVE-2020-26508 MISC
canonical -- ubuntu_pulseaudio | Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. | 2020-11-19 | not yet calculated | CVE-2020-15710 UBUNTU UBUNTU
cisco -- asyncos | A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | 2020-11-18 | not yet calculated | CVE-2020-3367 CISCO
cisco -- dna_spaces_connector | A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application. | 2020-11-18 | not yet calculated | CVE-2020-3586 CISCO
cisco -- expressway | A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. | 2020-11-18 | not yet calculated | CVE-2020-3482 CISCO
cisco -- integrated_management_controller | Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). | 2020-11-18 | not yet calculated | CVE-2020-3470 CISCO
cisco -- iot_field_network_director | A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. | 2020-11-18 | not yet calculated | CVE-2020-26080 CISCO
cisco -- iot_field_network_director | A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | 2020-11-18 | not yet calculated | CVE-2020-26078 CISCO
cisco -- iot_field_network_director | Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. | 2020-11-18 | not yet calculated | CVE-2020-26081 CISCO
cisco -- iot_field_network_director | A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. | 2020-11-18 | not yet calculated | CVE-2020-26079 CISCO
cisco -- iot_field_network_director | A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. | 2020-11-18 | not yet calculated | CVE-2020-26077 CISCO
cisco -- iot_field_network_director | A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. | 2020-11-18 | not yet calculated | CVE-2020-26076 CISCO
cisco -- iot_field_network_director | A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. | 2020-11-18 | not yet calculated | CVE-2020-26075 CISCO
cisco -- iot_field_network_director | A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. | 2020-11-18 | not yet calculated | CVE-2020-26072 CISCO
cisco -- iot_field_network_director | A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. | 2020-11-18 | not yet calculated | CVE-2020-3392 CISCO
cisco -- iot_field_network_director | A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. | 2020-11-18 | not yet calculated | CVE-2020-3531 CISCO
cisco -- security_manager
 
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.2020-11-17not yet calculatedCVE-2020-27125
CISCO
cisco -- security_manager
 
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.2020-11-17not yet calculatedCVE-2020-27130
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.
2020-11-17
not yet calculated
CVE-2020-27131
CISCO
cisco -- telepresence_ce_software_and_roomos_software
 
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.
2020-11-18
not yet calculated
CVE-2020-26068
CISCO
cisco -- webex_meetings
 
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user.
2020-11-18
not yet calculated
CVE-2020-27126
CISCO
cisco -- webex_meetings_and_webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.
2020-11-18
not yet calculated
CVE-2020-3471
CISCO
cisco -- webex_meetings_and_webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.
2020-11-18
not yet calculated
CVE-2020-3441
CISCO
cisco -- webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.
2020-11-18
not yet calculated
CVE-2020-3419
CISCO
citrix -- sd-wan_center
 
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
2020-11-16
not yet calculated
CVE-2020-8273
MISC
citrix -- sd-wan_center
 
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8.
2020-11-16
not yet calculated
CVE-2020-8272
MISC
citrix -- sd-wan_center
 
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8.
2020-11-16
not yet calculated
CVE-2020-8271
MISC
citrix -- virtual_apps_and_desktop
 
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
2020-11-16
not yet calculated
CVE-2020-8269
MISC
citrix -- virtual_apps_and_desktop
 
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342.
2020-11-16
not yet calculated
CVE-2020-8270
MISC
controlled-merge -- controlled-merge
 
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows an attacker to cause a denial of service and may lead to remote code execution.
2020-11-15
not yet calculated
CVE-2020-28268
MISC
MISC
cxuucms -- cxuucms
 
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
2020-11-18
not yet calculated
CVE-2020-28091
MISC
CONFIRM
doc-path -- doc-path
 
This affects the package doc-path before 2.1.2.
2020-11-15
not yet calculated
CVE-2020-7772
CONFIRM
CONFIRM
CONFIRM
drupal -- drupal
 
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
2020-11-20
not yet calculated
CVE-2020-13671
CONFIRM
endress+hauser -- ecograph_t
 
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic "tokens". The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.
2020-11-19
not yet calculated
CVE-2020-12495
CONFIRM
endress+hauser -- ecograph_t_and_memograph_m
 
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis fairly complex. Nevertheless, it is possible, and during the analysis it was discovered that it also has an issue with the access-control matrix on the server side. It was found that a user with low rights can get information from endpoints that should not be available to this user.
2020-11-19
not yet calculated
CVE-2020-12496
CONFIRM
fastadmin -- fastadmin
 
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.
2020-11-17
not yet calculated
CVE-2020-21665
MISC
firebase -- util
 
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on whether user input is provided, an attacker can overwrite and pollute the object prototype of a program.
2020-11-16
not yet calculated
CVE-2020-7765
CONFIRM
CONFIRM
CONFIRM
garmin -- forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This is a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.
2020-11-16
not yet calculated
CVE-2020-27484
MISC
garmin -- forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution.
2020-11-16
not yet calculated
CVE-2020-27483
MISC
garmin -- forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.
2020-11-16
not yet calculated
CVE-2020-27486
MISC
garmin -- forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.
2020-11-16
not yet calculated
CVE-2020-27485
MISC
genexis -- platinum_4410_router
 
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
2020-11-17
not yet calculated
CVE-2020-25988
MISC
MISC
MISC
MISC
gila -- gila_cms
 
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directory and abuse .htaccess through the logs function for executing PHP files.
2020-11-16
not yet calculated
CVE-2020-28692
MISC
gitlab -- ce/ee
 
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-26405
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-19
not yet calculated
CVE-2020-13355
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
2020-11-17
not yet calculated
CVE-2020-13350
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-19
not yet calculated
CVE-2020-13356
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-13358
CONFIRM
MISC
gitlab -- ce/ee
 
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-19
not yet calculated
CVE-2020-13359
CONFIRM
MISC
gitlab -- ce/ee
 
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.
2020-11-17
not yet calculated
CVE-2020-13354
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-13351
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-13352
CONFIRM
MISC
MISC
gitlab -- ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-13349
CONFIRM
MISC
gitlab -- ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-13348
CONFIRM
MISC
gitlab -- ee
 
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-26406
CONFIRM
MISC
MISC
gitlab -- gitaly
 
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
2020-11-17
not yet calculated
CVE-2020-13353
CONFIRM
MISC
hcl -- domino
 
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.
2020-11-21
not yet calculated
CVE-2020-14234
CONFIRM
hcl -- domino
 
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.
2020-11-21
not yet calculated
CVE-2020-14230
CONFIRM
hcl -- notes
 
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
2020-11-21
not yet calculated
CVE-2020-14258
CONFIRM
horizontcms -- horizontcms
 
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>.
2020-11-16
not yet calculated
CVE-2020-28693
MISC
MISC
ibm -- business_automation_workflow
 
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.
2020-11-16
not yet calculated
CVE-2020-4672
XF
CONFIRM
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
2020-11-19
not yet calculated
CVE-2020-4701
XF
CONFIRM
ibm -- db2_accessories_suite
 
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.
2020-11-20
not yet calculated
CVE-2020-4739
XF
CONFIRM
ibm -- jazz_reporting_service
 
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.
2020-11-19
not yet calculated
CVE-2020-4718
XF
CONFIRM
ibm -- mq_appliance
 
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
2020-11-18
not yet calculated
CVE-2020-4592
XF
CONFIRM
ibm -- power9
 
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
2020-11-20
not yet calculated
CVE-2020-4788
MLIST
MLIST
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.
2020-11-16
not yet calculated
CVE-2020-4692
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.
2020-11-16
not yet calculated
CVE-2020-4700
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.
2020-11-16
not yet calculated
CVE-2020-4566
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.
2020-11-16
not yet calculated
CVE-2020-4655
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.
2020-11-16
not yet calculated
CVE-2020-4705
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 186284.
2020-11-16
not yet calculated
CVE-2020-4671
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
2020-11-16
not yet calculated
CVE-2020-4475
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.
2020-11-20
not yet calculated
CVE-2020-4937
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.
2020-11-16
not yet calculated
CVE-2020-4763
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
2020-11-16
not yet calculated
CVE-2020-4647
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.
2020-11-16
not yet calculated
CVE-2020-4476
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.
2020-11-16
not yet calculated
CVE-2020-4665
XF
CONFIRM
imagemagick -- imagemagick
 
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
2020-11-20
not yet calculated
CVE-2020-19667
MISC
infinitewp -- admin_panel
 
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
2020-11-16
not yet calculated
CVE-2020-28642
MISC
influxdata -- influxdb
 
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
2020-11-19
not yet calculated
CVE-2019-20933
MISC
MISC
MISC
ivanti -- endpoint_manager
 
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.
2020-11-16
not yet calculated
CVE-2020-13773
MISC
MISC
jamodat -- tsmmanager_collector
 
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc. Exploiting this vulnerability won't grant an attacker access to, or control of, remote ISP servers, as no credentials are sent with the request.
2020-11-19
not yet calculated
CVE-2020-28054
MISC
MISC
MISC
jetbrains -- ideavim
 
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.
2020-11-16
not yet calculated
CVE-2020-27623
MISC
CONFIRM
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
2020-11-16
not yet calculated
CVE-2020-27622
MISC
CONFIRM
jetbrains -- ktor
 
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
2020-11-16
not yet calculated
CVE-2020-26129
MISC
CONFIRM
jetbrains -- teamcity
 
In JetBrains TeamCity before 2020.1.5, secure dependency parameters might not be masked in depending builds when there are no internal artifacts.
2020-11-16
not yet calculated
CVE-2020-27629
MISC
CONFIRM
jetbrains -- teamcity
 
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
2020-11-16
not yet calculated
CVE-2020-27627
MISC
CONFIRM
jetbrains -- teamcity
 
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
2020-11-16
not yet calculated
CVE-2020-27628
MISC
CONFIRM
jupyter -- notebook
 
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
2020-11-18
not yet calculated
CVE-2020-26215
MISC
CONFIRM
kaa -- iot_platform
 
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.
2020-11-17
not yet calculated
CVE-2020-26701
MISC
kamailio -- kamailio
 
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow a skilled attacker with a valid credential in the system to disrupt internal call start/duration accounting mechanisms, potentially leading to a loss of revenue.
2020-11-18
not yet calculated
CVE-2020-28361
MISC
MISC
kata -- containers
 
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.
2020-11-17
not yet calculated
CVE-2020-28914
MISC
MISC
MISC
MISC
MISC
kyocera -- ecosys_m2640idw_printers
 
The web application of Kyocera printer (ECOSYS M2640IDW) is affected by a Stored XSS vulnerability, discovered in the addition of a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
2020-11-17
not yet calculated
CVE-2020-25890
MISC
lemoncms -- lemoncms
 
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files.
2020-11-18
not yet calculated
CVE-2020-25406
MISC
libsixel -- libsixel
 
Unverified indexes into the array lead to out-of-bounds access in the gif_out_code function in fromgif.c in libsixel 1.8.6.
2020-11-20
not yet calculated
CVE-2020-19668
MISC
libsvm -- scikit-learn
 
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array.
2020-11-21
not yet calculated
CVE-2020-28975
MISC
MISC
libuci -- openwrt
 
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
2020-11-19
not yet calculated
CVE-2020-28951
MISC
MISC
MISC
libvips -- libvips
 
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
2020-11-20
not yet calculated
CVE-2020-20739
MISC
MISC
limesurvey -- limesurvey
 
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
2020-11-17
not yet calculated
CVE-2020-25798
MISC
MISC
linux -- linux_kernel
 
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
2020-11-20
not yet calculated
CVE-2020-28974
MISC
MISC
MISC
linux -- linux_kernel
 
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.2020-11-18not yet calculatedCVE-2020-28915
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
A flaw was found in the way reply ICMP packets are limited in the Linux kernel that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.2020-11-17not yet calculatedCVE-2020-25705
MISC
linux -- linux_kernel
 
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.2020-11-19not yet calculatedCVE-2020-28941
MLIST
MISC
MISC
MISC
MISC
lionwiki -- lionwiki
 
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2020-11-16not yet calculatedCVE-2020-27191
MISC
MISC
markdown-it-highlightjs -- markdown-it-highlightjs
 
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.">js}'); console.log(reuslt_xss);2020-11-16not yet calculatedCVE-2020-7773
CONFIRM
CONFIRM
CONFIRM
melsec -- iq-r_series_cpu_modules
 
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.2020-11-16not yet calculatedCVE-2020-5666
MISC
MISC
MISC
MISC
melsec -- iq-r_series_cpu_modules
 
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet.2020-11-20not yet calculatedCVE-2020-5668
MISC
MISC
MISC
MISC
mercedes-benz -- hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information.2020-11-16not yet calculatedCVE-2019-19562
MISC
MISC
mercedes-benz -- hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.2020-11-16not yet calculatedCVE-2019-19563
MISC
MISC
mercedes-benz -- hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.2020-11-16not yet calculatedCVE-2019-19556
MISC
MISC
mercedes-benz -- hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.2020-11-16not yet calculatedCVE-2019-19561
MISC
MISC
mercedes-benz -- hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.2020-11-16not yet calculatedCVE-2019-19560
MISC
MISC
mercedes-benz -- hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.2020-11-16not yet calculatedCVE-2019-19557
MISC
MISC
micro_focus -- arcsight_logger
 
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.2020-11-17not yet calculatedCVE-2020-11851
CONFIRM
misp -- misp
 
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.2020-11-19not yet calculatedCVE-2020-28947
MISC
moodle -- moodle

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.2020-11-19not yet calculatedCVE-2020-25699
MISC
MISC
moodle -- moodle
 
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.2020-11-19not yet calculatedCVE-2020-25700
MISC
MISC
moodle -- moodle
 
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.2020-11-19not yet calculatedCVE-2020-25701
MISC
MISC
moodle -- moodle
 
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.2020-11-19not yet calculatedCVE-2020-25703
MISC
MISC
moodle -- moodle
 
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.2020-11-19not yet calculatedCVE-2020-25698
MISC
MISC
moodle -- moodle
 
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.2020-11-19not yet calculatedCVE-2020-25702
MISC
MISC
nagios -- nagios_xi
 
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.2020-11-16not yet calculatedCVE-2020-28648
MISC
netiq -- identity_manager
 
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.2020-11-20not yet calculatedCVE-2020-25839
CONFIRM
netis -- korea_d'live_ap
 
Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10.2020-11-20not yet calculatedCVE-2020-7842
CONFIRM
netskope -- netskope
 
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system.2020-11-20not yet calculatedCVE-2020-28845
MISC
nextcloud -- server
 
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.2020-11-16not yet calculatedCVE-2020-8152
MISC
MISC
nextcloud -- social
 
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.2020-11-19not yet calculatedCVE-2020-8279
MISC
CONFIRM
nextcloud -- social
 
Improper access control in Nextcloud Social app version 0.3.1 allowed reading posts of any user.2020-11-19not yet calculatedCVE-2020-8278
MISC
CONFIRM
nextcloud -- server
 
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.2020-11-16not yet calculatedCVE-2020-8259
MISC
MISC
node -- node.js
 
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.2020-11-19not yet calculatedCVE-2020-8277
MISC
CONFIRM
oppo_security -- com.coloros.codebook
 
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.2020-11-19not yet calculatedCVE-2020-11829
CONFIRM
oppo_security -- com.coloros.codebook
 
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.2020-11-19not yet calculatedCVE-2020-11831
CONFIRM
oppo_security -- com.coloros.codebook
 
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.2020-11-19not yet calculatedCVE-2020-11830
CONFIRM
paradox -- ip150
 
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).2020-11-21not yet calculatedCVE-2020-25189
MISC
paradox -- ip150
 
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).2020-11-21not yet calculatedCVE-2020-25185
MISC
pdfresurrect -- pdfresurrect
 
In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdf_get_version().2020-11-20not yet calculatedCVE-2020-20740
MISC
MISC
pescms -- pescms_team
 
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=2020-11-17not yet calculatedCVE-2020-28092
MISC
MISC
phpgurukul -- user_registration_and_login_nd_user_management_system
 
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.2020-11-18not yet calculatedCVE-2020-24723
MISC
MISC
phpgurukul -- user_registration_and_login_user_management_system
 
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.2020-11-16not yet calculatedCVE-2020-25952
MISC
MISC
MISC
planet_technology -- corp_nvr-915_and_nvr-1615_products
 
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2020-11-18not yet calculatedCVE-2020-26097
MISC
prestashop -- prestashop
 
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.2020-11-16not yet calculatedCVE-2020-26224
MISC
CONFIRM
prestashop -- product_comments
 
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0.2020-11-16not yet calculatedCVE-2020-26225
MISC
CONFIRM
primekey -- ejbca
 
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.2020-11-19not yet calculatedCVE-2020-28942
MISC
pritunl -- electron_client
 
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges.2020-11-19not yet calculatedCVE-2020-25989
CONFIRM
MISC
progress -- moveit_transfer
 
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).2020-11-17not yet calculatedCVE-2020-28647
CONFIRM
MISC
qnap -- qts
 
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.2020-11-16not yet calculatedCVE-2020-2490
CONFIRM
qnap -- qts
 
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.2020-11-16not yet calculatedCVE-2020-2492
CONFIRM
rclone -- rclone
 
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.2020-11-19not yet calculatedCVE-2020-28924
MISC
MISC
red_hat -- jboss_keycloak
 
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.2020-11-17not yet calculatedCVE-2020-10776
MISC
red_hat -- jboss_keycloak
 
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.2020-11-17not yet calculatedCVE-2020-14389
MISC
red_hat -- xpdf
 
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.2020-11-21not yet calculatedCVE-2020-25725
CONFIRM
MISC
reddoxx -- maildepot_2033
 
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.2020-11-18not yet calculatedCVE-2020-26554
MISC
MISC
resourcexpress -- qubi3_devices
 
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.2020-11-17not yet calculatedCVE-2020-25746
CONFIRM
MISC
rsa -- archer
 
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.2020-11-18not yet calculatedCVE-2020-26884
CONFIRM
schneider_electric -- easergy_t300
 
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.2020-11-19not yet calculatedCVE-2020-7561
MISC
schneider_electric -- ecostruxure_building_operation_enterprise_server
 
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could allow any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.2020-11-19not yet calculatedCVE-2020-28209
MISC
schneider_electric -- ecostruxure_building_operation_webreports

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, or server-side request forgery due to improper configuration of the XML parser.2020-11-19not yet calculatedCVE-2020-7572
MISC
schneider_electric -- ecostruxure_building_operation_webreports
 
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.2020-11-19not yet calculatedCVE-2020-7570
MISC
schneider_electric -- ecostruxure_building_operation_webreports
 
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to upload arbitrary files due to incorrect verification of user-supplied files and achieve remote code execution.2020-11-19not yet calculatedCVE-2020-7569
MISC
schneider_electric -- ecostruxure_building_operation_webreports
 
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.2020-11-19not yet calculatedCVE-2020-7571
MISC
schneider_electric -- ecostruxure_building_operation_webreports
 
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control.2020-11-19not yet calculatedCVE-2020-7573
MISC
schneider_electric -- ecostruxure_building_operation_webstation
 
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.2020-11-19not yet calculatedCVE-2020-28210
MISC
schneider_electric -- ecostruxure_control_expert

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.2020-11-19not yet calculatedCVE-2020-28213
MISC
schneider_electric -- ecostruxure_control_expert
 
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.2020-11-19not yet calculatedCVE-2020-28212
MISC
schneider_electric -- ecostruxure_control_expert
 
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.2020-11-19not yet calculatedCVE-2020-28211
MISC
schneider_electric -- ecostruxure_control_expert
 
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus.2020-11-19not yet calculatedCVE-2020-7559
MISC
schneider_electric -- ecostruxure_operator_terminal_expert
 
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert.2020-11-19not yet calculatedCVE-2020-7544
MISC
schneider_electric -- igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7556
MISC
schneider_electric -- igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7558
MISC
schneider_electric -- igss_definition
 
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7557
MISC
schneider_electric -- igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7555
MISC
schneider_electric -- igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7550
MISC
schneider_electric -- igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7551
MISC
schneider_electric -- igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7552
MISC
schneider_electric -- igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7554
MISC
schneider_electric -- igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.2020-11-19not yet calculatedCVE-2020-7553
MISC
schneider_electric -- modicon_m221

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broken the encryption keys.2020-11-19not yet calculatedCVE-2020-7567
MISC
schneider_electric -- modicon_m221
 
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.2020-11-19not yet calculatedCVE-2020-7566
MISC
schneider_electric -- modicon_m221
 
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.2020-11-19not yet calculatedCVE-2020-7565
MISC
schneider_electric -- modicon_m221
 
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.2020-11-19not yet calculatedCVE-2020-7568
MISC
schneider_electric -- multiple_products

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.2020-11-18not yet calculatedCVE-2020-7564
MISC
schneider_electric -- multiple_products
 
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.2020-11-18not yet calculatedCVE-2020-7562
MISC
schneider_electric -- multiple_products
 
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.2020-11-18not yet calculatedCVE-2020-7563
MISC
schneider_electric -- plc_simulator_on_ecostruxure_control_expert
 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus.2020-11-19not yet calculatedCVE-2020-7538
MISC
scratchverifier -- scratchverifier
 
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login.2020-11-20not yet calculatedCVE-2020-26236
MISC
CONFIRM
semantic-release -- semantic-release
 
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.2020-11-18not yet calculatedCVE-2020-26226
MISC
CONFIRM
sensormatics_electronics -- american_dynamics_victor_web_client_and_software_house_c.cure_web_client
 
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.2020-11-19not yet calculatedCVE-2020-9049
CERT
CONFIRM
sokrates -- sowa
 
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.
2020-11-19
not yet calculated
CVE-2020-28350
MISC
sourcecodester -- gym_management_system
 
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
2020-11-17
not yet calculated
CVE-2020-28129
MISC
MISC
sourcecodester -- online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
2020-11-17
not yet calculated
CVE-2020-28138
MISC
MISC
sourcecodester -- online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
2020-11-17
not yet calculated
CVE-2020-28140
MISC
MISC
sourcecodester -- online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php.
2020-11-17
not yet calculated
CVE-2020-28139
MISC
MISC
sourcecodester -- online_library_management_system
 
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
2020-11-17
not yet calculated
CVE-2020-28130
MISC
MISC
sourcecodester -- simple_grocery_store_sales_and_inventory_system
 
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
2020-11-17
not yet calculated
CVE-2020-28133
MISC
MISC
sourcecodester -- tourism_management_system
 
An Arbitrary File Upload in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.
2020-11-17
not yet calculated
CVE-2020-28136
MISC
MISC
sourcecodester -- water_billing_system
 
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
2020-11-17
not yet calculated
CVE-2020-28183
MISC
MISC
MISC
suitecrm -- suitecrm

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
2020-11-18
not yet calculated
CVE-2020-15300
MISC
suitecrm -- suitecrm
 
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
2020-11-18
not yet calculated
CVE-2020-15301
MISC
symantec -- endpoint_detection_and_response
 
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
2020-11-18
not yet calculated
CVE-2020-12593
CONFIRM
taskcafe -- project_management_tool
 
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as access token.
2020-11-17
not yet calculated
CVE-2020-25400
MISC
tenable -- tp-link_archer
 
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.
2020-11-21
not yet calculated
CVE-2020-5797
MISC
tobesoft -- xplatform
 
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://
2020-11-17
not yet calculated
CVE-2020-7841
MISC
tp-link -- multiple_devices
 
Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.
2020-11-20
not yet calculated
CVE-2020-28877
MISC
tp-link -- tl-wpa4220_devices
 
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
2020-11-18
not yet calculated
CVE-2020-24297
MISC
MISC
tp-link -- tl-wpa4220_devices
 
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023
2020-11-18
not yet calculated
CVE-2020-28005
MISC
MISC
trend_micro -- apex_one
 
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
2020-11-18
not yet calculated
CVE-2020-28572
MISC
trend_micro -- interscan_web_security_virtual_appliance

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
2020-11-18
not yet calculated
CVE-2020-28581
MISC
MISC
trend_micro -- interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
2020-11-18
not yet calculated
CVE-2020-28578
MISC
MISC
trend_micro -- interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
2020-11-18
not yet calculated
CVE-2020-28579
MISC
MISC
trend_micro -- interscan_web_security_virtual_appliance
 
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
2020-11-18
not yet calculated
CVE-2020-28580
MISC
MISC
trend_micro -- security_2020

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
2020-11-18
not yet calculated
CVE-2020-27697
MISC
trend_micro -- security_2020
 
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
2020-11-18
not yet calculated
CVE-2020-27695
MISC
trend_micro -- security_2020
 
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
2020-11-18
not yet calculated
CVE-2020-27696
MISC
trend_micro -- worry-free_business_security
 
An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
2020-11-18
not yet calculated
CVE-2020-28574
MISC
MISC
trusted_computing_group -- trusted_platform_module_library_family
 
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
2020-11-18
not yet calculated
CVE-2020-26933
MISC
CONFIRM
typ03 -- typ03
 
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.
2020-11-18
not yet calculated
CVE-2020-28917
MISC
typo3 -- fluid
 
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory.
2020-11-17
not yet calculated
CVE-2020-26216
MISC
CONFIRM
MISC
valve -- game_networking_sockets
 
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.
2020-11-18
not yet calculated
CVE-2020-6016
MISC
vmware -- esxi
 
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)
2020-11-20
not yet calculated
CVE-2020-4005
CONFIRM
vmware -- multiple_products
 
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
2020-11-20
not yet calculated
CVE-2020-4004
CONFIRM
volkswagon -- discover_media_infotainment_system
 
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
2020-11-16
not yet calculated
CVE-2020-28656
MISC
werkzeug -- werkzeug
 
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
2020-11-18
not yet calculated
CVE-2020-28724
MISC
MISC
MISC
western_digital -- inand_devices
 
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack.
2020-11-18
not yet calculated
CVE-2020-13799
MISC
CONFIRM
wordpress -- wordpress
 
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
2020-11-16
not yet calculated
CVE-2020-28650
MISC
wordpress -- wordpress
 
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
2020-11-16
not yet calculated
CVE-2020-28649
MISC
MISC
xstream -- xstream
 
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
2020-11-16
not yet calculated
CVE-2020-26217
CONFIRM
CONFIRM
CONFIRM
y18n -- y18n
 
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
2020-11-17
not yet calculated
CVE-2020-7774
MISC
MISC
MISC
MISC
yzmcms -- yzmcms
 
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
2020-11-19
not yet calculated
CVE-2020-22394
MISC
zte -- multiple_devices
 
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper with parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.
2020-11-19
not yet calculated
CVE-2020-6879
MISC
