Bulletin (SB20-139)

Vulnerability Summary for the Week of May 11, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
actionpack_page-caching_gem -- actionpack_page-caching_gem
 
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. 2020-05-12 7.5 CVE-2020-8159
MISC
advantech -- webaccess/scada
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. 2020-05-08 7.5 CVE-2020-10638
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech -- webaccess/scada
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. 2020-05-08 7.5 CVE-2020-12022
MISC
MISC
advantech -- webaccess/scada
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. 2020-05-08 7.5 CVE-2020-12006
MISC
MISC
MISC
MISC
advantech -- webaccess/scada
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. 2020-05-08 7.5 CVE-2020-12002
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apache -- log4net
 
Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users. 2020-05-11 7.5 CVE-2018-1285
MISC
domainmod -- domainmod
 
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. 2020-05-08 7.5 CVE-2020-12735
MISC
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. 2020-05-13 7.5 CVE-2020-7454
MISC
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. 2020-05-13 7.5 CVE-2019-15880
MISC
CONFIRM
freerdp -- freerdp
 
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. 2020-05-15 7.5 CVE-2020-11524
MISC
CONFIRM
CONFIRM
freerdp -- freerdp
 
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. 2020-05-15 7.5 CVE-2020-11523
MISC
CONFIRM
CONFIRM
gazie -- gazie
 
An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. 2020-05-11 7.5 CVE-2020-12743
CONFIRM
glpi_project -- glpi
 
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6. 2020-05-12 9 CVE-2020-11060
MISC
CONFIRM
gnuteca -- gnuteca
 
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. 2020-05-09 7.5 CVE-2020-12766
CONFIRM
google -- android
 
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851 2020-05-14 7.5 CVE-2020-0221
MISC
google -- android
 
In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188 2020-05-14 10 CVE-2020-0103
MISC
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266 2020-05-14 9.3 CVE-2020-4285
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. 2020-05-14 9.3 CVE-2020-4422
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269. 2020-05-14 9.3 CVE-2020-4287
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270. 2020-05-14 9.3 CVE-2020-4288
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. 2020-05-14 9.3 CVE-2020-4343
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721. 2020-05-14 9.3 CVE-2020-4467
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723. 2020-05-14 9.3 CVE-2020-4468
XF
CONFIRM
iproute2 -- iproute2
 
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. 2020-05-09 7.5 CVE-2019-20795
MISC
CONFIRM
lg -- multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader. The LG ID is LVE-SMP-200006 (May 2020). 2020-05-11 7.5 CVE-2020-12753
CONFIRM
libemf -- libemf
 
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. 2020-05-11 7.5 CVE-2020-11865
MISC
MISC
MISC
libemf -- libemf
 
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. 2020-05-11 7.5 CVE-2020-11866
MISC
MISC
MISC
libexif -- libexif
 
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. 2020-05-09 7.5 CVE-2020-12767
CONFIRM
MLIST
openconnect_project -- openconnect_vpn_client
 
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. 2020-05-12 7.5 CVE-2020-12823
MISC
MISC
MLIST
palo_alto_networks -- pan-os
 
An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall to register the device. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6. 2020-05-13 9.3 CVE-2020-2018
CONFIRM
palo_alto_networks -- pan-os
 
An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama. 2020-05-13 7.5 CVE-2020-2001
CONFIRM
palo_alto_networks -- pan-os
 
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2010
CONFIRM
palo_alto_networks -- pan-os
 
An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2009
CONFIRM
palo_alto_networks -- pan-os
 
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0. 2020-05-13 7.8 CVE-2020-2011
CONFIRM
palo_alto_networks -- pan-os
 
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2014
CONFIRM
palo_alto_networks -- pan-os
 
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. 2020-05-13 9 CVE-2020-2006
CONFIRM
palo_alto_networks -- pan-os
 
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2007
CONFIRM
palo_alto_networks -- pan-os
 
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. 2020-05-13 9 CVE-2020-2008
CONFIRM
palo_alto_networks -- pan-os
 
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. 2020-05-13 8.5 CVE-2020-2016
CONFIRM
palo_alto_networks -- pan-os
 
An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. 2020-05-13 8.5 CVE-2020-2003
CONFIRM
palo_alto_networks -- pan-os
 
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. 2020-05-13 9 CVE-2020-2015
CONFIRM
pi-hole -- pi-hole
 
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. 2020-05-11 9 CVE-2020-11108
MISC
MISC
MISC
MISC
ping_identity -- pingid_ssh
 
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. 2020-05-13 7.5 CVE-2020-10654
CONFIRM
MISC
MISC
MISC
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020). 2020-05-11 10 CVE-2020-12746
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020). 2020-05-11 7.5 CVE-2020-12747
CONFIRM
sap -- business_objects_business_intelligence_platform
 
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.x, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. 2020-05-12 7.5 CVE-2020-6242
MISC
MISC
trendnet -- proview_wireless_camera_tv-ip512wn
 
TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header. 2020-05-13 7.5 CVE-2020-12763
MISC
vbulletin -- vbulletin
 
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. 2020-05-08 7.5 CVE-2020-12720
MISC
MISC
veritas -- aptare
 
Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. 2020-05-14 7.5 CVE-2020-12874
MISC
wordpress -- wordpress
 
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. 2020-05-08 7.5 CVE-2020-11530
MISC
MISC
FULLDISC
MISC
MISC
wordpress -- wordpress
 
The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform. 2020-05-13 7.5 CVE-2020-12832
MISC
MISC
zephyrproject -- zephyr
 
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. 2020-05-11 7.5 CVE-2020-10022
MISC
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. 2020-05-11 7.2 CVE-2020-10024
MISC
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. 2020-05-11 7.2 CVE-2020-10027
MISC
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. 2020-05-11 7.2 CVE-2020-10067
MISC
MISC
MISC
MISC
MISC
zoho -- manageengine_datasecurity_plus
 
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. 2020-05-08 10 CVE-2020-11532
MISC
MISC
zulip -- zulip_desktop
 
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. 2020-05-09 7.5 CVE-2020-12637
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advantech -- webaccess/scada Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. 2020-05-08 5 CVE-2020-12018
MISC
MISC
advantech -- webaccess/scada Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. 2020-05-08 5 CVE-2020-12014
MISC
MISC
advantech -- webaccess/scada
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. 2020-05-08 5.8 CVE-2020-12010
MISC
advantech -- webaccess/scada
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. 2020-05-08 6.5 CVE-2020-12026
MISC
MISC
apache -- activemq
 
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. 2020-05-14 4.3 CVE-2020-1941
MISC
apache -- rocketmq
 
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later. 2020-05-14 5 CVE-2019-17572
MISC
MISC
apple -- swiftnio_extras In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. 2020-05-11 5 CVE-2020-9840
MISC
appneta -- tcpreplay
 
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. 2020-05-08 6.4 CVE-2020-12740
MISC
autoswitch_python_virtualenv -- autoswitch_python_virtualenv In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0 2020-05-13 4.6 CVE-2020-11073
MISC
MISC
MISC
CONFIRM
cpanel -- cpanel cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). 2020-05-11 5 CVE-2020-12784
CONFIRM
MISC
cpanel -- cpanel
 
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). 2020-05-11 5.5 CVE-2020-12785
CONFIRM
MISC
debian -- libemf
 
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). 2020-05-11 5 CVE-2020-11863
MISC
MISC
MISC
debian -- libemf
 
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). 2020-05-11 5 CVE-2020-11864
MISC
MISC
MISC
enlightenment -- imlib2 modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. 2020-05-09 6.4 CVE-2020-12761
CONFIRM
exim -- exim
 
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. 2020-05-11 5 CVE-2020-12783
CONFIRM
CONFIRM
CONFIRM
DEBIAN
f5 -- big-ip
 
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. 2020-05-12 6.8 CVE-2020-5897
MISC
f5 -- big-ip_edge_client
 
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. 2020-05-12 4.6 CVE-2020-5896
MISC
f5 -- big-ip_edge_client_windows_stonewall
 
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. 2020-05-12 4.9 CVE-2020-5898
MISC
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. 2020-05-13 4.6 CVE-2019-15878
MISC
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory. 2020-05-13 5.8 CVE-2019-15879
MISC
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). 2020-05-13 5 CVE-2020-7455
MISC
CONFIRM
freerdp -- freerdp
 
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. 2020-05-15 6.4 CVE-2020-11526
MISC
CONFIRM
CONFIRM
freerdp -- freerdp
 
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. 2020-05-15 6.4 CVE-2020-11522
MISC
CONFIRM
CONFIRM
glpi_project -- glpi
 
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database are using that; espcially from plugins. Changing the key without updating data would lend in bad password sent from glpi; but storing them again from the UI will work. 2020-05-12 5 CVE-2020-5248
MISC
CONFIRM
gnome -- libcroco
 
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. 2020-05-12 6.8 CVE-2020-12825
MISC
gnuteca -- gnuteca Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. 2020-05-09 5 CVE-2020-12764
CONFIRM
google -- android In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677 2020-05-14 4.6 CVE-2020-0102
MISC
google -- android In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561 2020-05-14 4.6 CVE-2020-0220
MISC
google -- android
 
In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144285084 2020-05-14 4.6 CVE-2020-0105
MISC
google -- android
 
In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148059175 2020-05-14 4.6 CVE-2020-0109
MISC
google -- android
 
In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel 2020-05-14 4.6 CVE-2020-0110
MISC
google -- android
 
In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917 2020-05-14 4.6 CVE-2020-0098
MISC
ibm -- api_connect
 
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. 2020-05-12 5 CVE-2020-4346
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637. 2020-05-14 6.9 CVE-2020-4258
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635. 2020-05-14 6.9 CVE-2020-4257
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647. 2020-05-14 6.9 CVE-2020-4264
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. 2020-05-14 6.9 CVE-2020-4262
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648. 2020-05-14 6.9 CVE-2020-4265
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646. 2020-05-14 6.9 CVE-2020-4263
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. 2020-05-14 6.9 CVE-2020-4261
XF
CONFIRM
ibm -- i2_intelligent_analysis_platform
 
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649. 2020-05-14 6.9 CVE-2020-4266
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. 2020-05-12 4 CVE-2019-4478
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. 2020-05-13 4 CVE-2020-4312
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. 2020-05-14 4 CVE-2020-4299
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. 2020-05-14 4 CVE-2020-4259
XF
CONFIRM
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. 2020-05-11 4.3 CVE-2019-4667
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. 2020-05-14 4 CVE-2020-4365
XF
CONFIRM
ispyconnect -- agent_dvr
 
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. 2020-05-15 5 CVE-2020-13093
MISC
jooby -- jooby
 
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. 2020-05-11 5 CVE-2020-7647
MISC
MISC
MISC
json-c -- json-c
 
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. 2020-05-09 6.8 CVE-2020-12762
CONFIRM
MISC
FEDORA
lg -- multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). 2020-05-11 6.8 CVE-2020-12754
CONFIRM
libreswan_project -- libreswan
 
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. 2020-05-12 5 CVE-2020-1763
MISC
CONFIRM
CONFIRM
CONFIRM
DEBIAN

linux -- linux_kernel

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. 2020-05-09 4.9 CVE-2020-12769
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. 2020-05-09 4.9 CVE-2020-12771
CONFIRM
linux -- linux_kernel
 
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. 2020-05-12 6.9 CVE-2020-12826
CONFIRM
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. 2020-05-09 4.6 CVE-2020-12770
CONFIRM
FEDORA
CONFIRM
linux -- linux_kernel
 
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. 2020-05-08 4.4 CVE-2020-10690
CONFIRM
linux -- linux_kernel
 
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. 2020-05-08 6.9 CVE-2019-14898
MISC
CONFIRM
MISC
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. 2020-05-09 4.9 CVE-2019-20794
CONFIRM
CONFIRM
maxum_development_corporation -- rumpus
 
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. 2020-05-08 4 CVE-2020-12737
MISC
MISC
mcafee -- active_response_for_linux
 
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7290
CONFIRM
mcafee -- active_response_for_mac
 
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7291
CONFIRM
mcafee -- active_response_for_windows
 
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7289
CONFIRM
mcafee -- exploit_detection_and_response
 
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7288
CONFIRM
mcafee -- exploit_detection_and_response
 
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7286
CONFIRM
mcafee -- exploit_detection_and_response
 
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7287
CONFIRM
mcafee -- mvision_endpoint Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7285
CONFIRM

netapp -- service_processor_and_baseboard_management_controller

Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). 2020-05-11 5 CVE-2019-5500
MISC
nextcloud -- nextcloud_groupfolders
 
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. 2020-05-12 5.5 CVE-2020-8153
MISC
MISC
nextcloud -- nextcloud_mail
 
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. 2020-05-12 6.8 CVE-2020-8156
MISC
nextcloud -- nextcloud_server
 
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. 2020-05-12 6.8 CVE-2020-8154
SUSE
SUSE
MISC
MISC
opennms -- horizon_and_meridian
 
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. 2020-05-11 6.5 CVE-2020-12760
MISC
MISC
MISC
MISC
MISC
opto_22 -- softpac_project Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. 2020-05-14 6.4 CVE-2020-10612
MISC
opto_22 -- softpac_project
 
Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. 2020-05-14 4 CVE-2020-12042
MISC
opto_22 -- softpac_project
 
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. 2020-05-14 6.8 CVE-2020-10616
MISC
oracle -- iplanet_web_server ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. 2020-05-10 4.9 CVE-2020-9314
FULLDISC
MISC
MISC
MISC
oracle -- iplanet_web_server
 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. 2020-05-10 5 CVE-2020-9315
FULLDISC
MISC
MISC
MISC
palo_alto_networks -- pan-os
 
The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8. 2020-05-13 5.5 CVE-2020-1993
CONFIRM
palo_alto_networks -- pan-os
 
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0. 2020-05-13 4.3 CVE-2020-2005
CONFIRM
palo_alto_networks -- pan-os
 
A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2. 2020-05-13 6.8 CVE-2020-1995
CONFIRM
palo_alto_networks -- pan-os_for_panorama Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7. 2020-05-13 5 CVE-2020-2012
CONFIRM

palo_alto_networks -- pan-os

 

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. 2020-05-13 4.3 CVE-2020-2017
CONFIRM
pixel_&_tonic -- craft_cms
 
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. 2020-05-11 5 CVE-2020-12790
MISC
MISC
MISC
MISC
plex -- media_server
 
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. 2020-05-08 6.5 CVE-2020-5741
MISC
python_packaging_authority -- python_package_installer An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). 2020-05-08 6.8 CVE-2018-20225
MISC
MISC
red_hat -- ansible_engine
 
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. 2020-05-12 5 CVE-2020-1746
CONFIRM
CONFIRM
red_hat -- jboss_keycloak
 
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application. 2020-05-12 6.5 CVE-2020-1718
CONFIRM
red_hat -- jboss_keycloak
 
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section. 2020-05-11 4 CVE-2020-1724
CONFIRM
red_hat -- jboss_keycloak
 
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user. 2020-05-08 6.5 CVE-2019-10170
CONFIRM
red_hat -- jboss_keycloak
 
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. 2020-05-13 6.5 CVE-2020-1714
CONFIRM
CONFIRM
red_hat -- jboss_keycloak
 
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application. 2020-05-08 6.5 CVE-2019-10169
CONFIRM
red_hat -- openshift_container_platform
 
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. 2020-05-12 4.6 CVE-2020-10706
CONFIRM
ruby_on_rails -- active_resource
 
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. 2020-05-12 5 CVE-2020-8151
MISC

samsung -- multiple_mobile_devices

An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020). 2020-05-11 5 CVE-2020-12748
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020). 2020-05-11 5 CVE-2020-12750
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020). 2020-05-11 6.8 CVE-2020-12751
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). 2020-05-11 5 CVE-2020-12752
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020). 2020-05-11 4.6 CVE-2020-12749
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020). 2020-05-11 5 CVE-2020-12745
CONFIRM

sap -- adaptive_server_enterprise

SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. 2020-05-12 6.5 CVE-2020-6248
MISC
MISC

sap -- adaptive_server_enterprise

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. 2020-05-12 6.5 CVE-2020-6253
MISC
MISC

sap -- adaptive_server_enterprise

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. 2020-05-12 6.5 CVE-2020-6243
MISC
MISC
sap -- adaptive_server_enterprise
 
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. 2020-05-12 6.7 CVE-2020-6250
MISC
MISC
sap -- adaptive_server_enterprise
 
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. 2020-05-12 4 CVE-2020-6259
MISC
MISC
sap -- adaptive_server_enterprise
 
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. 2020-05-12 5.2 CVE-2020-6252
MISC
MISC
sap -- adaptive_server_enterprise
 
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. 2020-05-12 6.5 CVE-2020-6241
MISC
MISC
sap -- application_server_abap
 
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection. 2020-05-12 6.5 CVE-2020-6262
MISC
MISC
sap -- business_objects_intelligence_platform
 
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. 2020-05-12 4.6 CVE-2020-6245
MISC
MISC
sap -- business_objects_intelligence_platform
 
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability. 2020-05-12 5 CVE-2020-6247
MISC
MISC
sap -- business_objects_intelligence_platform
 
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. 2020-05-12 5 CVE-2020-6251
MISC
MISC
sap -- enterprise_threat_detection
 
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. 2020-05-12 4.3 CVE-2020-6254
MISC
MISC
sap -- identity_management
 
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. 2020-05-12 4 CVE-2020-6258
MISC
MISC
sap -- master_data_governance The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. 2020-05-12 6.5 CVE-2020-6249
MISC
MISC
sap -- master_data_governance
 
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. 2020-05-12 4 CVE-2020-6256
MISC
MISC
sap -- netweaver_as_abap
 
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service 2020-05-12 5 CVE-2020-6240
MISC
MISC
six_apart -- multiple_movable_type_products
 
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. 2020-05-14 6.5 CVE-2020-5577
MISC
MISC
six_apart -- multiple_movable_type_products
 
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. 2020-05-14 4.3 CVE-2020-5575
MISC
MISC
six_apart -- multiple_movable_type_products
 
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors. 2020-05-14 5 CVE-2020-5574
MISC
MISC
six_apart -- multiple_movable_type_products
 
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-05-14 6.8 CVE-2020-5576
MISC
MISC
solis_miolo -- solis_miolo Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. 2020-05-09 5 CVE-2020-12765
CONFIRM
suse -- opensuse
 
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. 2020-05-13 4.3 CVE-2020-8020
CONFIRM
symantec -- endpoint_protection
 
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. 2020-05-11 4.6 CVE-2020-5837
MISC
symantec -- endpoint_protection
 
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. 2020-05-11 4.4 CVE-2020-5836
MISC
symantec -- endpoint_protection_manager
 
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. 2020-05-11 5 CVE-2020-5834
MISC
symantec -- endpoint_protection_manager
 
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. 2020-05-11 4.4 CVE-2020-5835
MISC
tobesoft -- xplatform A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. 2020-05-11 6.8 CVE-2019-19162
MISC
transmission -- transmission
 
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. 2020-05-15 6.8 CVE-2018-10756
MISC
MISC
tyler_technologies -- eagle
 
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. 2020-05-13 6.5 CVE-2019-16112
MISC

typo3 -- typo3

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. 2020-05-13 4 CVE-2020-12700
MISC
CONFIRM
typo3 -- typo3
 
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. 2020-05-13 4.3 CVE-2020-11063
CONFIRM
typo3 -- typo3
 
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/. 2020-05-14 6.8 CVE-2020-11069
CONFIRM
typo3 -- typo3
 
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. 2020-05-14 6.4 CVE-2020-11066
CONFIRM
typo3 -- typo3
 
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. 2020-05-13 5 CVE-2020-12697
MISC
CONFIRM
typo3 -- typo3
 
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. 2020-05-14 6 CVE-2020-11067
CONFIRM
typo3 -- typo3
 
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. 2020-05-13 4 CVE-2020-12698
MISC
CONFIRM
typo3 -- typo3
 
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. 2020-05-13 5.8 CVE-2020-12699
MISC
CONFIRM
veritas -- aptare
 
Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. 2020-05-14 6.5 CVE-2020-12875
MISC
veritas -- aptare
 
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. 2020-05-14 5 CVE-2020-12876
MISC
veritas -- aptare
 
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. 2020-05-14 5 CVE-2020-12877
MISC
vmware -- pivotal_concourse
 
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) 2020-05-14 5.8 CVE-2020-5409
CONFIRM
vmware -- spring_security
 
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. 2020-05-13 6.5 CVE-2020-5407
MLIST
CONFIRM
western_digital -- mycloud_home
 
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. 2020-05-13 6.8 CVE-2020-12427
MISC
CONFIRM
wso2 -- multiple_products
 
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. 2020-05-08 6.5 CVE-2020-12719
MISC
zephyrproject -- zephyr Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10058
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10021
MISC
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. 2020-05-11 5.8 CVE-2020-10059
MISC
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10023
MISC
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Recommend disabling updatehub until such a time as a fix can be made available. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. 2020-05-11 5.5 CVE-2020-10060
MISC
MISC
zephyrproject -- zephyr
 
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10028
MISC
MISC
MISC
MISC
MISC
zoho -- manageengine_datasecurity_plus
 
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. 2020-05-08 6.5 CVE-2020-11531
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
covidsafe -- covidsafe_for_ios
 
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected. 2020-05-14 3.3 CVE-2020-12717
MISC
freerdp -- freerdp In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. 2020-05-12 3.5 CVE-2020-11058
MISC
MISC
CONFIRM
glpi_project -- glpi
 
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6. 2020-05-12 3.5 CVE-2020-11062
MISC
CONFIRM

google -- android

In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870 2020-05-14 2.1 CVE-2020-0104
MISC
google -- android
 
In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207 2020-05-14 2.1 CVE-2020-0106
MISC
google -- android
 
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096 2020-05-14 2.1 CVE-2020-0101
MISC
ibm -- api_connect
 
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. 2020-05-12 3.5 CVE-2020-4195
XF
CONFIRM
kde -- kde
 
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. 2020-05-09 2.1 CVE-2020-12755
CONFIRM
linux -- linux_kernel An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. 2020-05-09 2.1 CVE-2020-12768
CONFIRM
CONFIRM
nextcloud -- nextcloud_server
 
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. 2020-05-12 3.5 CVE-2020-8155
SUSE
SUSE
MISC
opto_22 -- softpac_project
 
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. 2020-05-14 3.5 CVE-2020-12046
MISC
palo_alto_networks -- globalprotect_app Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials. 2020-05-13 1.7 CVE-2020-2004
CONFIRM
php-fusion -- php-fusion
 
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. 2020-05-08 3.5 CVE-2020-12718
MISC
red_hat -- jboss_keycloak
 
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality. 2020-05-11 2.1 CVE-2020-1698
CONFIRM
samsung -- multiple_mobile_devices
 
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). 2020-05-08 3.3 CVE-2020-6616
MISC
MISC
MISC
CONFIRM
MISC
MISC

sap -- business_objects_business_intelligence_platform

SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. 2020-05-12 3.5 CVE-2020-6257
MISC
MISC
shopizer -- shopizer
 
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. 2020-05-08 3.5 CVE-2020-11006
MISC
CONFIRM
symantec -- endpoint_protection_manager
 
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-05-11 2.1 CVE-2020-5833
MISC
symantec -- it_analytics
 
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. 2020-05-13 3.5 CVE-2020-5838
MISC
techsmith -- snagit
 
In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. 2020-05-08 2.1 CVE-2020-11541
CONFIRM
typo3 -- typo3
 
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3. 2020-05-13 3.5 CVE-2020-11070
CONFIRM
typo3 -- typo3
 
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. 2020-05-13 3.5 CVE-2020-11065
CONFIRM
typo3 -- typo3
 
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. 2020-05-13 3.5 CVE-2020-11064
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions -- codesys_development_system
 
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. 2020-05-14 not yet calculated CVE-2020-12068
MISC
MISC
apache -- ant
 
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. 2020-05-14 not yet calculated CVE-2020-1945
MISC
apache -- camel
 
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. 2020-05-14 not yet calculated CVE-2020-11972
MLIST
MLIST
MISC
apache -- camel
 
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. 2020-05-14 not yet calculated CVE-2020-11973
MLIST
MISC
apache -- camel
 
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 is affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. 2020-05-14 not yet calculated CVE-2020-11971
MLIST
MISC
apache -- cloudstack
 
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond. 2020-05-14 not yet calculated CVE-2019-17562
MISC
apache -- flink
 
A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. 2020-05-14 not yet calculated CVE-2020-1960
MISC
apache -- nuttx
 
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected. 2020-05-12 not yet calculated CVE-2020-1939
MISC
apt -- apt
 
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. 2020-05-15 not yet calculated CVE-2020-3810
MISC
MISC
MISC
MISC
MISC
bitdefender -- bitdefender_engines
 
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. 2020-05-15 not yet calculated CVE-2020-8100
MISC
canonical -- subiguity
 
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. 2020-05-13 not yet calculated CVE-2020-11932
MISC
cellebrite -- ufed
 
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. 2020-05-15 not yet calculated CVE-2020-12798
MISC
MISC
MISC
MISC
MISC
clamav -- clam_antivirus
 
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. 2020-05-13 not yet calculated CVE-2020-3327
CISCO
clamav -- clam_antivirus
 
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. 2020-05-13 not yet calculated CVE-2020-3341
CISCO
d-link -- dap-1360_devices
 
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. 2020-05-15 not yet calculated CVE-2019-18666
MISC
MISC
MISC
eq-3 -- homematic_ccu2_and_ccu3_devices
 
eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). 2020-05-15 not yet calculated CVE-2020-12834
MISC
estsoft -- alsong
 
ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file. 2020-05-15 not yet calculated CVE-2020-7809
MISC
MISC
f5 -- nginx
 
NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass. 2020-05-14 not yet calculated CVE-2020-12440
MISC
MISC
fazecast -- jserialcomm
 
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. 2020-05-14 not yet calculated CVE-2020-10626
MISC
freerdp -- freerdp
 
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. 2020-05-15 not yet calculated CVE-2020-11525
MISC
CONFIRM
CONFIRM
CONFIRM
freerdp -- freerdp
 
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. 2020-05-15 not yet calculated CVE-2020-11521
MISC
CONFIRM
CONFIRM
google -- android In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 2020-05-14 not yet calculated CVE-2020-0091
MISC
google -- android
 
An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448 2020-05-14 not yet calculated CVE-2020-0065
MISC
google -- android
 
In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871 2020-05-14 not yet calculated CVE-2020-0094
MISC
google -- android
 
An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 2020-05-14 not yet calculated CVE-2020-0064
MISC
google -- android
 
An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 2020-05-14 not yet calculated CVE-2020-0090
MISC
google -- android
 
In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265 2020-05-14 not yet calculated CVE-2020-0024
MISC
google -- android
 
In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 2020-05-14 not yet calculated CVE-2020-0097
MISC
google -- android
 
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 2020-05-14 not yet calculated CVE-2020-0093
MLIST
MISC
google -- android
 
In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 2020-05-14 not yet calculated CVE-2020-0100
MISC
google -- android
 
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 2020-05-14 not yet calculated CVE-2020-0096
MISC
google -- android
 
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 2020-05-14 not yet calculated CVE-2020-0092
MISC
huawei -- multiple_devices
 
Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 with Versions earlier than 10.0.0.179(C636E3R4P3),Versions earlier than 10.0.0.180(C185E3R3P3),Versions earlier than 10.0.0.180(C432E10R3P4),Versions earlier than 10.0.0.188(C00E62R2P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.176(C00E60R2P11) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. 2020-05-15 not yet calculated CVE-2020-1808
MISC
huawei -- p20_smartphones
 
Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function. 2020-05-15 not yet calculated CVE-2020-9073
MISC
ignite_realtime -- spark
 
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) 2020-05-12 not yet calculated CVE-2020-12772
MISC
intelliants -- subrion_cms
 
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. 2020-05-15 not yet calculated CVE-2019-20390
MISC
intelliants -- subrion_cms
 
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. 2020-05-15 not yet calculated CVE-2019-20389
MISC
interchange -- interchange
 
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. 2020-05-15 not yet calculated CVE-2020-12685
MISC
CONFIRM
jal_information_technology -- pallet_control
 
Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7 to 9.1 are not affected by this vulnerability, however under the environment where PLS Management Add-on Module is used, all versions are affected. 2020-05-11 not yet calculated CVE-2020-5538
MISC
MISC
jetstream -- jetselect
 
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. 2020-05-14 not yet calculated CVE-2019-13021
MISC
jetstream -- jetselect
 
Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers). 2020-05-14 not yet calculated CVE-2019-13022
MISC
jetstream -- jetselect
 
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. 2020-05-14 not yet calculated CVE-2019-13023
MISC
kerberos -- kerberos
 
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. 2020-05-16 not yet calculated CVE-2020-13110
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. 2020-05-15 not yet calculated CVE-2020-12888
MISC
MISC
logkitty -- logkitty Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. 2020-05-15 not yet calculated CVE-2020-8149
MISC
mikrotik -- mikrotik-router-monitoring-system
 
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. 2020-05-16 not yet calculated CVE-2020-13118
MISC
misp -- misp-maltego
 
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. 2020-05-15 not yet calculated CVE-2020-12889
MISC
mongodb -- mongodb
 
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. 2020-05-13 not yet calculated CVE-2019-2388
MISC
morita -- shogi
 
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. 2020-05-16 not yet calculated CVE-2020-13109
MISC
MISC
naviserver -- naviserver
 
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. 2020-05-16 not yet calculated CVE-2020-13111
MISC
MISC
opto_22 -- softpac_project
 
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. 2020-05-14 not yet calculated CVE-2020-10620
MISC
palo_alto_networks -- global_protect_agent
 
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. 2020-05-13 not yet calculated CVE-2020-1997
CONFIRM
palo_alto_networks -- pan-os
 
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 not yet calculated CVE-2020-1994
CONFIRM
palo_alto_networks -- pan-os
 
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. 2020-05-13 not yet calculated CVE-2020-1996
CONFIRM
palo_alto_networks -- pan-os
 
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. 2020-05-13 not yet calculated CVE-2020-1998
CONFIRM
palo_alto_networks -- pan-os
 
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0. 2020-05-13 not yet calculated CVE-2020-2002
CONFIRM
palo_alto_networks -- pan-os
 
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0; 2020-05-13 not yet calculated CVE-2020-2013
CONFIRM
pandas -- pandas
 
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. 2020-05-15 not yet calculated CVE-2020-13091
MISC
progress -- moveit_automation_web_admin
 
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. 2020-05-14 not yet calculated CVE-2020-12677
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pulseaudio -- pulseaudio
 
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; 2020-05-15 not yet calculated CVE-2020-11931
MISC
red_hat -- ansible_engine
 
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. 2020-05-15 not yet calculated CVE-2020-10744
CONFIRM
red_hat -- ansible_engine
 
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. 2020-05-11 not yet calculated CVE-2020-10685
CONFIRM
CONFIRM
red_hat -- jboss_keycloak
 
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. 2020-05-15 not yet calculated CVE-2020-1758
CONFIRM
MISC
sap -- business_client
 
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. 2020-05-12 not yet calculated CVE-2020-6244
MISC
MISC
scikit-learn -- scikit-learn
 
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. 2020-05-15 not yet calculated CVE-2020-13092
MISC
securecrt -- securecrt
 
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. 2020-05-15 not yet calculated CVE-2020-12651
MISC
MISC
CONFIRM
MISC
slpjs -- slpjs
 
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additonally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071. 2020-05-12 not yet calculated CVE-2020-11072
MISC
CONFIRM
slpjs -- slpjs
 
SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. 2020-05-12 not yet calculated CVE-2020-11071
MISC
CONFIRM
submitty -- submitty
 
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. 2020-05-15 not yet calculated CVE-2020-12882
MISC
submitty -- sumbitty
 
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. 2020-05-16 not yet calculated CVE-2020-13121
MISC
videolan -- vlc_media_player An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. 2020-05-15 not yet calculated CVE-2019-19721
MISC
MISC
MISC
MISC
vmware -- spring_security
 
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. 2020-05-14 not yet calculated CVE-2020-5408
CONFIRM
wordpress -- wordpress
 
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. 2020-05-13 not yet calculated CVE-2020-12742
MISC
MISC
xwiki -- platform
 
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0. 2020-05-12 not yet calculated CVE-2020-11057
CONFIRM
MISC
MISC
yaws -- yaws
 
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. 2020-05-15 not yet calculated CVE-2020-12872
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. 2020-05-11 not yet calculated CVE-2020-10019
MISC
MISC
MISC
MISC
MISC
zhejiang_dahua_technology -- multiple_devices
 
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method. 2020-05-13 not yet calculated CVE-2019-9682
MISC
zhejiang_dahua_technology -- multiple_products
 
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. 2020-05-13 not yet calculated CVE-2020-9502
MISC
zhejiang_dahua_technology -- web_p2p
 
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected. 2020-05-13 not yet calculated CVE-2020-9501
MISC
zoho -- manageengine_servicedesk_plus
 
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page. 2020-05-14 not yet calculated CVE-2019-15083
MISC
MISC
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No