Vulnerability Summary for the Week of June 1, 2020
Released
Jun 08, 2020
Document ID
SB20-160
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| asus -- aura_sync | Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. | 2020-06-02 | 7.2 | CVE-2019-17603 MISC |
| cisco -- ios_xe_software | A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges. | 2020-06-03 | 7.2 | CVE-2020-3207 CISCO |
| cisco -- ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. | 2020-06-03 | 7.2 | CVE-2020-3214 CISCO |
| clearpass -- policy_manager | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | 2020-06-03 | 10 | CVE-2020-7115 MISC |
| clearpass -- policy_manager | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | 2020-06-03 | 9 | CVE-2020-7116 MISC |
| clearpass -- policy_manager | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | 2020-06-03 | 9 | CVE-2020-7117 MISC |
| d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | 2020-06-03 | 7.5 | CVE-2020-13782 MISC |
| docker -- engine | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | 2020-06-02 | 7.5 | CVE-2020-13401 MISC MISC CONFIRM |
| farsite -- farlinx_x25_gateway | FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. | 2020-06-01 | 7.5 | CVE-2014-7175 MISC |
| farsite -- farlinx_x25_gateway | FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | 2020-06-01 | 7.5 | CVE-2014-7173 MISC |
| fortinet -- foritap-s/w2_and_fortiap-u | An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | 2020-06-01 | 8.5 | CVE-2019-15709 MISC |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. | 2020-06-04 | 7.5 | CVE-2019-20830 CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | 2020-05-29 | 7.5 | CVE-2020-11038 CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | 2020-05-29 | 7.5 | CVE-2020-11039 CONFIRM |
| gesio -- erp | There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. | 2020-06-01 | 7.5 | CVE-2020-8967 CONFIRM |
| github -- enterprise_server | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program. | 2020-06-03 | 7.5 | CVE-2020-10516 MISC MISC MISC |
| ibm -- security_guardium | IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735. | 2020-06-03 | 9 | CVE-2020-4180 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | 2020-06-03 | 7.5 | CVE-2020-4177 XF CONFIRM |
| micro_focus -- service_management_automation | There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. | 2020-05-29 | 7.5 | CVE-2020-11844 CONFIRM |
| piwigo -- lexiglot | admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | 2020-06-01 | 7.5 | CVE-2014-8945 MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | 2020-06-01 | 7.5 | CVE-2014-8941 MISC |
| qualcomm -- multiple_snapdragon_products | Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 | 2020-06-02 | 7.2 | CVE-2019-14054 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 2020-06-02 | 7.8 | CVE-2020-3645 CONFIRM |
| qualcomm -- multiple_snapdragon_products | NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130 | 2020-06-02 | 7.2 | CVE-2020-3618 CONFIRM |
| qualcomm -- multiple_snapdragon_products | When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130 | 2020-06-02 | 7.2 | CVE-2020-3625 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130 | 2020-06-02 | 7.5 | CVE-2020-3615 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, Rennell, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SXR2130 | 2020-06-02 | 7.2 | CVE-2019-14066 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 10 | CVE-2020-3633 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 10 | CVE-2020-3641 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150 | 2020-06-02 | 7.2 | CVE-2020-3616 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Failure in buffer management while accessing handle for HDR blit when color modes not supported by display in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605 | 2020-06-02 | 7.2 | CVE-2019-14087 CONFIRM |
| qualcomm -- sm8250_and_sxr2130_devices | kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130 | 2020-06-02 | 7.2 | CVE-2020-3623 CONFIRM |
| quickbox -- quickbox_community_and_pro_editions | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | 2020-06-01 | 9 | CVE-2020-13695 MISC |
| quickbox -- quickbox_community_and_pro_editions | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. | 2020-06-01 | 9 | CVE-2020-13694 MISC |
| quickbox -- quickbox_community_and_pro_editions | QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. | 2020-06-01 | 9 | CVE-2020-13448 MISC MISC |
| rconfig -- rconfig | rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10548 MISC |
| rconfig -- rconfig | rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10549 MISC |
| rconfig -- rconfig | rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10546 MISC |
| rconfig -- rconfig | rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | 2020-06-04 | 7.5 | CVE-2020-10547 MISC |
| sabberworm -- php_css_parser | Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | 2020-06-03 | 7.5 | CVE-2020-13756 MISC MISC MISC MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020). | 2020-06-04 | 7.5 | CVE-2020-13832 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020). | 2020-06-04 | 7.5 | CVE-2020-13831 CONFIRM |
| swarco -- cpu_ls4000_series | An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. | 2020-05-29 | 10 | CVE-2020-12493 CONFIRM |
| systemd -- systemd | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | 2020-06-03 | 10 | CVE-2020-13776 MISC |
| verizon -- serialize-javascript | serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". | 2020-06-01 | 7.5 | CVE-2020-7660 MISC |
| wordpress -- wordpress | An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | 2020-05-29 | 7.5 | CVE-2020-13693 MISC MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 2pisoftware -- cmfive | system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | 2020-06-01 | 5 | CVE-2014-9702 MISC |
| apache -- ignite | Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. | 2020-06-03 | 6.4 | CVE-2020-1963 MLIST MISC MLIST MLIST MLIST |
| atlassian -- companion_app | The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. | 2020-06-01 | 6.5 | CVE-2020-4020 MISC |
| atlassian -- companion_app | The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. | 2020-06-01 | 4.4 | CVE-2020-4019 MISC |
| atlassian -- fisheye_and_crucible | The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | 2020-06-01 | 5 | CVE-2020-4016 MISC MISC |
| atlassian -- fisheye_and_crucible | The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | 2020-06-01 | 4 | CVE-2020-4015 MISC MISC |
| atlassian -- fisheye_and_crucible | The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | 2020-06-01 | 5 | CVE-2020-4017 MISC MISC |
| atlassian -- fisheye_and_crucible | The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | 2020-06-01 | 4 | CVE-2020-4014 MISC MISC |
| atlassian -- fisheye_and_crucible | The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | 2020-06-01 | 4.3 | CVE-2020-4023 MISC MISC |
| atlassian -- fisheye_and_crucible | The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | 2020-06-01 | 6.8 | CVE-2020-4018 MISC MISC |
| atlassian -- navigator_links | The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | 2020-06-03 | 4 | CVE-2020-4026 MISC MISC |
| bitrix -- bitrix24 | modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. | 2020-06-01 | 4.3 | CVE-2020-13758 MISC |
| celluloid -- reel | reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more. | 2020-06-01 | 5 | CVE-2020-7659 MISC |
| cisco -- multiple_products | Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors. | 2020-06-02 | 5 | CVE-2020-10136 CERT-VN MISC MISC |
| cisco -- prime_infrastructure | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | 2020-06-03 | 6.4 | CVE-2020-3339 CISCO |
| cisco -- webex_network_recording_player_and_cisco_webex_player_for_microsoft_windows | A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. | 2020-06-03 | 4.3 | CVE-2020-3322 CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. | 2020-06-03 | 4.3 | CVE-2020-3321 CISCO |
| compound -- finance_compound_price_oracle | The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings. | 2020-06-03 | 5 | CVE-2019-20809 MISC |
| cybele -- thinfinity_virtualUI | Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. | 2020-06-04 | 4.3 | CVE-2019-16385 MISC |
| cybele -- thinfinity_virtualui | Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions. | 2020-06-04 | 4 | CVE-2019-16384 MISC |
| d-link -- dir-856l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | 2020-06-03 | 6.8 | CVE-2020-13786 MISC |
| d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | 2020-06-03 | 5 | CVE-2020-13787 MISC |
| d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | 2020-06-03 | 5 | CVE-2020-13785 MISC |
| d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | 2020-06-03 | 5 | CVE-2020-13784 MISC |
| d-link -- dir-865l_devices | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | 2020-06-03 | 5 | CVE-2020-13783 MISC |
| django-project -- django | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | 2020-06-03 | 4.3 | CVE-2020-13596 MISC MISC CONFIRM |
| django_project -- django | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | 2020-06-03 | 5 | CVE-2020-13254 MISC MISC CONFIRM |
| elastic -- elastic_app_search | Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser. | 2020-06-03 | 4.3 | CVE-2020-7011 N/A |
| elastic -- elastic_cloud_on_kubernetes | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK. | 2020-06-03 | 5 | CVE-2020-7010 N/A |
| elastic -- kibana | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. | 2020-06-03 | 6.5 | CVE-2020-7013 N/A |
| elastic -- kibana | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. | 2020-06-03 | 6.5 | CVE-2020-7012 N/A |
| farsite -- farlinx_x25_gateway | FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. | 2020-06-01 | 5 | CVE-2014-7174 MISC |
| fastecdsa -- fastecdsa | An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail. | 2020-06-02 | 5 | CVE-2020-12607 CONFIRM CONFIRM CONFIRM CONFIRM |
| fortiguard -- forticlient_for_windows | An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | 2020-06-01 | 4.6 | CVE-2020-9291 MISC |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20813 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | 2020-06-04 | 5 | CVE-2019-20815 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20816 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. | 2020-06-04 | 5 | CVE-2019-20814 CONFIRM |
| foxit -- phantompdf_mac_and_foxit_reader_for_mac | An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures. | 2020-06-04 | 5 | CVE-2020-13803 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. | 2020-06-04 | 5 | CVE-2019-20818 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. | 2020-06-04 | 5 | CVE-2019-20837 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. | 2020-06-04 | 4.3 | CVE-2019-20835 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20820 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. | 2020-06-04 | 5 | CVE-2020-13806 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. | 2020-06-04 | 5 | CVE-2020-13807 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. | 2020-06-04 | 5 | CVE-2020-13808 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. | 2020-06-04 | 5 | CVE-2020-13809 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. | 2020-06-04 | 5 | CVE-2019-20817 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. | 2020-06-04 | 5 | CVE-2019-20819 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | 2020-06-04 | 5 | CVE-2020-13805 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. | 2020-06-04 | 5 | CVE-2019-20828 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | 2020-06-04 | 5 | CVE-2019-20829 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. | 2020-06-04 | 5 | CVE-2019-20836 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | 2020-06-04 | 6.8 | CVE-2020-13804 CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | 2020-05-29 | 5 | CVE-2020-11019 CONFIRM |
| freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. | 2020-05-29 | 6.4 | CVE-2020-11085 MISC CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. | 2020-05-29 | 5.5 | CVE-2020-11088 MISC CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. | 2020-05-29 | 5.5 | CVE-2020-11087 MISC CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. | 2020-05-29 | 5.5 | CVE-2020-11086 MISC CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. | 2020-05-29 | 5 | CVE-2020-11043 CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | 2020-05-29 | 4 | CVE-2020-11040 CONFIRM |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. | 2020-05-29 | 4 | CVE-2020-11041 CONFIRM |
| freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. | 2020-05-29 | 6.5 | CVE-2020-11089 MISC MISC CONFIRM |
| google -- chrome | Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6502 MISC MISC |
| google -- chrome | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-06-03 | 4.3 | CVE-2020-6495 MISC MISC |
| google -- chrome | Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6499 MISC MISC |
| google -- chrome | Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6500 MISC MISC |
| google -- chrome | Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6419 MISC MISC |
| google -- chrome | Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6501 MISC MISC |
| google -- chrome | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6493 MISC MISC |
| google -- chrome | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6453 MISC MISC |
| google -- chrome | Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2011-2863 MISC |
| google -- chrome | Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2011-1805 MISC |
| google -- chrome | Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6504 MISC MISC |
| google -- chrome_on_android | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6494 MISC MISC |
| google -- chrome_on_ios | Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2020-06-03 | 4.3 | CVE-2020-6498 MISC MISC |
| google -- chrome_on_ios | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | 2020-06-03 | 4.3 | CVE-2020-6497 MISC MISC |
| google -- chrome_on_macos | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2020-06-03 | 6.8 | CVE-2020-6496 MISC MISC |
| grafana_labs -- grafana | The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. | 2020-06-03 | 5 | CVE-2020-13379 CONFIRM MISC MISC MISC CONFIRM |
| grafana_labs -- grafana | Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 2020-06-02 | 4.3 | CVE-2018-18625 MISC |
| grafana_labs -- grafana | Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 2020-06-02 | 4.3 | CVE-2018-18623 MISC |
| grafana_labs -- grafana | Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 2020-06-02 | 4.3 | CVE-2018-18624 MISC |
| huawei -- cloudengine_12800_products | CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. | 2020-05-29 | 5 | CVE-2020-1870 CONFIRM |
| huawei -- e6878-370_products | E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code execution. | 2020-05-29 | 5.8 | CVE-2020-1832 CONFIRM |
| huawei -- multiple_products | There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00 | 2020-06-01 | 4 | MISC |
| ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. | 2020-06-02 | 4.3 | CVE-2020-4366 XF CONFIRM |
| ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. | 2020-06-02 | 5 | CVE-2020-4367 XF CONFIRM |
| ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. | 2020-06-02 | 4.3 | CVE-2020-4503 XF CONFIRM |
| ibm -- qradar_siem | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. | 2020-06-04 | 5.5 | CVE-2020-4509 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738. | 2020-06-03 | 4.3 | CVE-2020-4182 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. | 2020-06-03 | 4.6 | CVE-2020-4190 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | 2020-06-04 | 5 | CVE-2020-4193 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. | 2020-06-03 | 5 | CVE-2020-4187 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739. | 2020-06-04 | 4.3 | CVE-2020-4183 XF CONFIRM |
| istio -- istio | Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service. | 2020-06-02 | 5 | CVE-2020-10739 CONFIRM MISC CONFIRM |
| jenkins -- jenkins | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | 2020-06-03 | 6.5 | CVE-2020-2200 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 2020-06-03 | 4.3 | CVE-2020-2199 MLIST CONFIRM |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 2020-06-03 | 4.3 | CVE-2020-2192 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 2020-06-03 | 4 | CVE-2020-2191 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 2020-06-03 | 4 | CVE-2020-2198 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | 2020-06-03 | 4 | CVE-2020-2197 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 2020-06-03 | 6 | CVE-2020-2196 MLIST CONFIRM |
| joomla! -- joomla! | In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. | 2020-06-02 | 4.3 | CVE-2020-13761 MISC |
| joomla! -- joomla! | In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | 2020-06-02 | 5 | CVE-2020-13763 MISC |
| joomla! -- joomla! | In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. | 2020-06-02 | 6.8 | CVE-2020-13760 MISC |
| joomla! -- joomla! | In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. | 2020-06-02 | 4.3 | CVE-2020-13762 MISC |
| kubernetes -- containernetworking/plugins | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. | 2020-06-03 | 6 | CVE-2020-10749 CONFIRM MISC |
| libipeg-turbo -- libipeg-turbo | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | 2020-06-03 | 5.8 | CVE-2020-13790 MISC MISC |
| libvirt -- libvirt | A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. | 2020-06-02 | 4 | CVE-2020-10703 REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. | 2020-06-03 | 4.9 | CVE-2019-20810 MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. | 2020-06-03 | 4.9 | CVE-2019-20812 MISC MISC |
| mediawiki -- mediawiki | resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | 2020-06-02 | 5.8 | CVE-2020-10959 MISC MISC MISC |
| mulesoft -- mulesoft_ce/ee | A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. | 2020-05-29 | 5 | CVE-2020-6937 CONFIRM |
| naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | 2020-06-03 | 4.3 | CVE-2020-13798 MISC |
| naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. | 2020-06-03 | 4.3 | CVE-2020-13796 MISC |
| naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | 2020-06-03 | 4.3 | CVE-2020-13797 MISC |
| naviwebs -- navigate_cms | An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. | 2020-06-03 | 5 | CVE-2020-13795 MISC MISC |
| october -- october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 4 | CVE-2020-5296 MISC CONFIRM |
| october -- october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 4 | CVE-2020-5297 MISC CONFIRM |
| october -- october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 4 | CVE-2020-5295 MISC CONFIRM |
| phplist -- phplist | phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 2020-06-04 | 4.3 | CVE-2020-13827 MISC |
| pi-hole -- pi-hole_web | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 2020-05-29 | 6.5 | CVE-2020-8816 CONFIRM MISC MISC MISC MISC MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows CSRF. | 2020-06-01 | 6.8 | CVE-2014-8942 MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | 2020-06-01 | 5 | CVE-2014-8937 MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. | 2020-06-01 | 4.3 | CVE-2014-8939 MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. | 2020-06-01 | 5 | CVE-2014-8940 MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. | 2020-06-01 | 6.5 | CVE-2014-8943 MISC |
| playtube -- playtube | PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. | 2020-06-03 | 4 | CVE-2020-13792 MISC |
| python-rsa -- python-rsa | Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | 2020-06-01 | 5 | CVE-2020-13757 MISC |
| qemu -- qemu | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | 2020-06-02 | 5 | CVE-2020-13659 CONFIRM MISC |
| qemu -- qemu | hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. | 2020-06-02 | 4.6 | CVE-2020-13754 CONFIRM MISC |
| qualcomm -- multiple_snapdragon_products | A race condition can occur when using the fastrpc memory mapping API. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, QCS605, QM215, SA415M, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SXR1130 | 2020-06-02 | 6.9 | CVE-2020-3680 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, Saipan, SC8180X, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 4.6 | CVE-2020-3630 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 4.6 | CVE-2020-3610 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845 | 2020-06-02 | 4.6 | CVE-2019-14078 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 4.6 | CVE-2019-14077 CONFIRM |
| rust-vmm -- vm-memory | rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). | 2020-06-02 | 5 | CVE-2020-13759 MISC MISC MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). | 2020-06-04 | 5 | CVE-2020-13830 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | 2020-06-04 | 5 | CVE-2020-13835 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). | 2020-06-04 | 6.4 | CVE-2020-13833 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). | 2020-06-04 | 5 | CVE-2020-13836 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020). | 2020-06-04 | 5 | CVE-2020-13834 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020). | 2020-06-04 | 5 | CVE-2020-13829 CONFIRM |
| synk -- broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | 2020-05-29 | 4 | CVE-2020-7653 MISC MISC |
| synk -- broker | All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | 2020-05-29 | 4.3 | CVE-2020-7654 MISC MISC |
| synk -- broker | All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` | 2020-05-29 | 4 | CVE-2020-7648 MISC MISC |
| synk -- broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | 2020-05-29 | 4 | CVE-2020-7652 MISC MISC |
| synk -- broker | All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json. | 2020-05-29 | 4 | CVE-2020-7650 MISC MISC |
| synk -- broker | All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | 2020-05-29 | 4 | CVE-2020-7651 MISC MISC |
| sysax -- multi_server | An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. | 2020-06-02 | 5 | CVE-2020-13227 MISC MISC MISC |
| sysax -- multi_server | An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | 2020-06-02 | 4.3 | CVE-2020-13228 MISC MISC MISC |
| sysax -- multi_server | An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token. | 2020-06-02 | 6.8 | CVE-2020-13229 MISC MISC |
| upx -- upx | p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment. | 2020-06-01 | 4.3 | CVE-2019-20805 MISC MISC |
| vmware -- multiple_products | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. | 2020-05-29 | 6.9 | CVE-2020-3957 CONFIRM |
| vmware -- spring_cloud_config | Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | 2020-06-02 | 5 | CVE-2020-5410 CONFIRM |
| websocket-extensions -- websocket-extensions | websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | 2020-06-02 | 5 | CVE-2020-7663 MISC MISC MISC MISC |
| websocket-extensions -- websocket-extensions | websocket-extensions npm module prior to 1.0.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | 2020-06-02 | 5 | CVE-2020-7662 MISC MISC MISC MISC |
| wordpress -- wordpress | common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | 2020-06-02 | 5 | CVE-2020-13764 MISC MISC |
| wordpress -- wordpress | The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | 2020-06-02 | 4.3 | CVE-2019-11843 MISC MISC MISC |
| zimbra -- zimbra | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution. | 2020-06-03 | 6 | CVE-2020-12846 MISC CONFIRM MISC |
| znc -- znc | ZNC 1.8.0 up to 1.8.1-rc1 allows attackers to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | 2020-06-02 | 4.3 | CVE-2020-13775 MISC CONFIRM |
| zoho -- manageengine_opmanager | In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. | 2020-06-04 | 5 | CVE-2020-13818 MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb -- device_library_wizard | Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | 2020-05-29 | 2.1 | CVE-2020-8482 CONFIRM |
| atlassian -- fisheye_and_crucible | The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | 2020-06-01 | 3.5 | CVE-2020-4013 MISC MISC |
| atlassian -- jira_server_and_data_center | Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | 2020-06-01 | 3.5 | CVE-2020-4021 MISC |
| avaya -- ip_office | A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. | 2020-06-04 | 2.1 | CVE-2020-7030 MISC CONFIRM |
| elastic -- kibana | Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization. | 2020-06-03 | 3.5 | CVE-2020-7015 N/A |
| fortiguard -- fortianalyzer | An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | 2020-06-04 | 3.5 | CVE-2020-6640 MISC |
| huawei -- honor_9x_smartphones | Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without unlock the phone. | 2020-05-29 | 2.1 | CVE-2020-1833 CONFIRM |
| huawei -- mate_10_smartphones | HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. | 2020-05-29 | 2.1 | CVE-2020-1809 CONFIRM |
| huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function. | 2020-05-29 | 2.1 | CVE-2020-1797 CONFIRM |
| huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC. | 2020-05-29 | 1.9 | CVE-2020-1831 CONFIRM |
| ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765. | 2020-06-02 | 3.5 | CVE-2020-4360 XF CONFIRM |
| ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. | 2020-06-02 | 3.5 | CVE-2020-4431 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997. | 2020-06-03 | 3.3 | CVE-2020-4307 XF CONFIRM |
| ibm -- security_guardium | IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | 2020-06-04 | 2.1 | CVE-2020-4191 XF CONFIRM |
| jenkins -- jenkins | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | 2020-06-03 | 3.5 | CVE-2020-2195 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | 2020-06-03 | 3.5 | CVE-2020-2190 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | 2020-06-03 | 3.5 | CVE-2020-2194 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 2020-06-03 | 3.5 | CVE-2020-2193 MLIST CONFIRM |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | 2020-06-03 | 2.1 | CVE-2019-20811 MISC MISC |
| october -- october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | 3.5 | CVE-2020-5298 MISC CONFIRM |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | 2020-06-01 | 3.5 | CVE-2014-8944 MISC |
| piwigo -- lexiglot | Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | 2020-06-01 | 2.1 | CVE-2014-8938 MISC |
| qualcomm -- multiple_snapdragon_products | When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to a value that does not resolve to a valid XFRM mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4531, QCN7605, QCS605, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-02 | 3.6 | CVE-2019-14053 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24 | 2020-06-02 | 3.6 | CVE-2019-14038 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Out of bound read in adm call back function due to incorrect boundary check for payload in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24 | 2020-06-02 | 3.6 | CVE-2019-14039 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 2020-06-02 | 2.1 | CVE-2019-14067 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9650, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 3.6 | CVE-2019-14043 CONFIRM |
| qualcomm -- multiple_snapdragon_products | Out of bound read in in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-02 | 3.6 | CVE-2019-14042 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). | 2020-06-04 | 3.6 | CVE-2020-13837 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020). | 2020-06-04 | 3.6 | CVE-2020-13838 CONFIRM |
| sane -- backends | A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1.0.29 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. | 2020-06-01 | 2.1 | CVE-2020-12867 CONFIRM CONFIRM |
| vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. | 2020-05-29 | 2.1 | CVE-2020-3958 MISC CONFIRM |
| vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. | 2020-05-29 | 2.1 | CVE-2020-3959 CONFIRM |
| zte -- ft680_router | ZTE's PON terminal product is impacted by the access control vulnerability. Due to the system not performing correct access control on some program interfaces, an attacker could use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations. This affects: <ZTE F680><V9.0.10P1N6> | 2020-06-01 | 3.3 | CVE-2020-6868 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- unomi | Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. | 2020-06-05 | not yet calculated | CVE-2020-11975 MISC |
| apple -- multiple_products | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-05 | not yet calculated | CVE-2020-9859 MISC |
| athom -- homey_and_homey_pro_devices | An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | 2020-06-04 | not yet calculated | CVE-2020-9462 MISC |
| bitdefender -- antivirus_free | A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. | 2020-06-05 | not yet calculated | CVE-2020-8103 CONFIRM |
| bludit -- bludit | showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | 2020-06-06 | not yet calculated | CVE-2020-13889 MISC |
| castel -- nextgen_dvr | Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account. | 2020-06-04 | not yet calculated | CVE-2020-11679 MISC FULLDISC MISC |
| castel -- nextgen_dvr | Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed. | 2020-06-04 | not yet calculated | CVE-2020-11682 MISC FULLDISC MISC |
| castel -- nextgen_dvr | Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials. | 2020-06-04 | not yet calculated | CVE-2020-11681 MISC FULLDISC MISC |
| castel -- nextgen_dvr | Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc. | 2020-06-04 | not yet calculated | CVE-2020-11680 MISC FULLDISC MISC |
cisco -- 4300_series_integrated_services_routers_and_catalyst_9800-l_wireless_controllers | A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle. | 2020-06-03 | not yet calculated | CVE-2020-3220 CISCO |
| cisco -- 809_and_829_industrial_services_routers | A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15. | 2020-06-03 | not yet calculated | CVE-2020-3208 CISCO |
| cisco -- application_services_engine_software | A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3335 CISCO |
| cisco -- application_services_engine_software | A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3333 CISCO |
cisco -- asr_920_series_aggregation_service_router | A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2020-06-03 | not yet calculated | CVE-2020-3232 CISCO |
cisco -- catalyst-2960-l_series_switches_and_catalyst_cdp-8p_switches | A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication. | 2020-06-03 | not yet calculated | CVE-2020-3231 CISCO |
| cisco -- catalyst_4500_series_switches | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system. | 2020-06-03 | not yet calculated | CVE-2020-3235 CISCO |
| cisco -- catalyst_9800_series_wireless_controllers | A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device. | 2020-06-03 | not yet calculated | CVE-2020-3221 CISCO |
| cisco -- catalyst_9800_series_wireless_controllers | A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3203 CISCO |
| cisco -- catalyst_9800_series_wireless_controllers | A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3206 CISCO |
| cisco -- digital_network_architecture_center | A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. | 2020-06-03 | not yet calculated | CVE-2020-3281 CISCO |
| cisco -- identity_services_engine | A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3353 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3201 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3204 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2020-06-03 | not yet calculated | CVE-2020-3200 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed. | 2020-06-03 | not yet calculated | CVE-2020-3230 CISCO |
| cisco -- ios_xe_sd-wan_software | A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. | 2020-06-03 | not yet calculated | CVE-2020-3216 CISCO |
| cisco -- ios_xe_software | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3225 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem. | 2020-06-03 | not yet calculated | CVE-2020-3223 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device. | 2020-06-03 | not yet calculated | CVE-2020-3212 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device. | 2020-06-03 | not yet calculated | CVE-2020-3219 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition. | 2020-06-03 | not yet calculated | CVE-2020-3226 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition. | 2020-06-03 | not yet calculated | CVE-2020-3224 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. | 2020-06-03 | not yet calculated | CVE-2020-3222 CISCO |
| cisco -- ios_xe_software | A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. | 2020-06-03 | not yet calculated | CVE-2020-3209 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise. | 2020-06-03 | not yet calculated | CVE-2020-3211 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device. | 2020-06-03 | not yet calculated | CVE-2020-3215 CISCO |
| cisco -- ios_xe_software | A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user. | 2020-06-03 | not yet calculated | CVE-2020-3213 CISCO |
| cisco -- ios_xe_software | A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device. | 2020-06-03 | not yet calculated | CVE-2020-3227 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device. | 2020-06-03 | not yet calculated | CVE-2020-3218 CISCO |
| cisco -- ios_xe_web_management_software | A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user. | 2020-06-03 | not yet calculated | CVE-2020-3229 CISCO |
| cisco -- iox_application | A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx. | 2020-06-03 | not yet calculated | CVE-2020-3238 CISCO |
| cisco -- iox_application | A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. | 2020-06-03 | not yet calculated | CVE-2020-3237 CISCO |
| cisco -- iox_application_framework | A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based Local Manager interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a system settings tab. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. | 2020-06-03 | not yet calculated | CVE-2020-3233 CISCO |
| cisco -- multiple_products | A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3217 CISCO |
| cisco -- multiple_products | A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2020-06-03 | not yet calculated | CVE-2020-3228 CISCO |
| cisco -- multiple_routers | Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-06-03 | not yet calculated | CVE-2020-3199 CISCO |
| cisco -- multiple_routers | A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user. | 2020-06-03 | not yet calculated | CVE-2020-3234 CISCO |
| cisco -- multiple_routers | A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. | 2020-06-03 | not yet calculated | CVE-2020-3210 CISCO |
| cisco -- multiple_routers | Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-06-03 | not yet calculated | CVE-2020-3198 CISCO |
| cisco -- multiple_routers | A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory. | 2020-06-03 | not yet calculated | CVE-2020-3205 CISCO |
| cisco -- multiple_routers | Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-06-03 | not yet calculated | CVE-2020-3257 CISCO |
| cisco -- multiple_routers | Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-06-03 | not yet calculated | CVE-2020-3258 CISCO |
| cisco -- unified_contact_center_express | A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. | 2020-06-03 | not yet calculated | CVE-2020-3267 CISCO |
cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3. | 2020-06-03 | not yet calculated | CVE-2020-3319 CISCO |
| combodo -- itop | In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4. | 2020-06-05 | not yet calculated | CVE-2020-11697 CONFIRM CONFIRM |
| combodo -- itop | In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4. | 2020-06-05 | not yet calculated | CVE-2020-11696 CONFIRM CONFIRM |
| craft -- craft_cms | An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | 2020-06-05 | not yet calculated | CVE-2020-13869 MISC |
| craft -- craft_cms | An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. | 2020-06-05 | not yet calculated | CVE-2020-13870 MISC |
| craft -- craft_cms | An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. | 2020-06-05 | not yet calculated | CVE-2020-13868 MISC |
| docker -- desktop | An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | 2020-06-05 | not yet calculated | CVE-2020-11492 MISC MISC |
| elastic -- elasticsearch | The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | 2020-06-03 | not yet calculated | CVE-2020-7014 N/A |
| elliptic -- elliptic | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature. | 2020-06-04 | not yet calculated | CVE-2020-13822 MISC MISC MISC MISC |
| fortiguard -- forticlient_for_windows | Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | 2020-06-04 | not yet calculated | CVE-2019-16150 MISC |
| fortiguard -- fortisiem_windows_agent | An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | 2020-06-04 | not yet calculated | CVE-2020-9292 MISC |
| foxit -- e-mail_advertising_system | An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. | 2020-06-04 | not yet calculated | CVE-2018-21235 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. | 2020-06-04 | not yet calculated | CVE-2019-20825 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling. | 2020-06-04 | not yet calculated | CVE-2019-20832 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. | 2020-06-04 | not yet calculated | CVE-2018-21237 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. | 2020-06-04 | not yet calculated | CVE-2018-21242 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | 2020-06-04 | not yet calculated | CVE-2019-20824 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | 2020-06-04 | not yet calculated | CVE-2018-21241 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. | 2020-06-04 | not yet calculated | CVE-2018-21244 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures. | 2020-06-04 | not yet calculated | CVE-2019-20834 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. | 2020-06-04 | not yet calculated | CVE-2019-20823 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. | 2020-06-04 | not yet calculated | CVE-2018-21243 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | 2020-06-04 | not yet calculated | CVE-2018-21238 CONFIRM |
| foxit -- phantompdf | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. | 2020-06-04 | not yet calculated | CVE-2019-20833 CONFIRM |
| foxit -- phantompdf_mac | An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference. | 2020-06-04 | not yet calculated | CVE-2019-20821 CONFIRM |
| foxit -- phantompdf_mac | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. | 2020-06-04 | not yet calculated | CVE-2019-20826 CONFIRM |
| foxit -- phantompdf_mac_and_reader_for_mac | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. | 2020-06-04 | not yet calculated | CVE-2019-20827 CONFIRM |
| foxit -- reader | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. | 2020-06-04 | not yet calculated | CVE-2018-21236 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data. | 2020-06-04 | not yet calculated | CVE-2019-20822 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | 2020-06-04 | not yet calculated | CVE-2018-21239 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | 2020-06-04 | not yet calculated | CVE-2018-21240 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. | 2020-06-04 | not yet calculated | CVE-2020-13814 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. | 2020-06-04 | not yet calculated | CVE-2020-13810 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. | 2020-06-04 | not yet calculated | CVE-2020-13815 CONFIRM |
| foxit -- reader_and_phantompdf | An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash. | 2020-06-04 | not yet calculated | CVE-2019-20831 CONFIRM |
foxit -- studio_photo | An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. | 2020-06-04 | not yet calculated | CVE-2020-13812 CONFIRM |
| foxit -- studio_photo | An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. | 2020-06-04 | not yet calculated | CVE-2020-13813 CONFIRM |
| foxit -- studio_photo | An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file. | 2020-06-04 | not yet calculated | CVE-2020-13811 CONFIRM |
| ge -- multiple_grid_solutions_reason_rt_clocks | GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system. | 2020-06-02 | not yet calculated | CVE-2020-12017 MISC |
| gnutls -- gnutls | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | 2020-06-04 | not yet calculated | CVE-2020-13777 CONFIRM FEDORA DEBIAN |
| google -- chrome | Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-06-03 | not yet calculated | CVE-2020-6503 MISC MISC |
| huawei -- multiple_products | Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. | 2020-06-05 | not yet calculated | CVE-2020-1883 MISC |
| huawei -- multiple_smartphones | Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. | 2020-06-05 | not yet calculated | CVE-2020-9074 MISC |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | 2020-06-05 | not yet calculated | CVE-2020-4449 XF CONFIRM MISC |
| ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. | 2020-06-05 | not yet calculated | CVE-2020-4450 XF CONFIRM MISC |
ibm -- websphere_application_server_network_deployment | IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. | 2020-06-05 | not yet calculated | CVE-2020-4448 XF CONFIRM MISC |
| ibm -- worklight/mobilefoundation | IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211. | 2020-06-05 | not yet calculated | CVE-2020-4229 XF CONFIRM |
| kubernetes -- kube-controller-manager | The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). | 2020-06-05 | not yet calculated | CVE-2020-8555 CONFIRM MLIST |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13841 CONFIRM |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13843 CONFIRM |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13839 CONFIRM |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13842 CONFIRM |
| lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020). | 2020-06-05 | not yet calculated | CVE-2020-13840 CONFIRM |
| minishare -- minishare | In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued. | 2020-06-04 | not yet calculated | CVE-2020-13768 MISC |
| mqtt -- mqtt | The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe. | 2020-06-04 | not yet calculated | CVE-2020-13849 MISC MISC |
| neon -- neon | The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | 2020-06-06 | not yet calculated | CVE-2020-13890 MISC |
| network_time_foundation -- network_time_protocol | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. | 2020-06-04 | not yet calculated | CVE-2020-13817 MISC MISC |
| nghttp2 -- nghttp2 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | 2020-06-03 | not yet calculated | CVE-2020-11080 MISC MISC CONFIRM DEBIAN |
| nozbe -- watermelondb | In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable. This may happen in apps that don't validate IDs (valid IDs are `/^[a-zA-Z0-9_-.]+$/`) and use Watermelon Sync or low-level `database.adapter.destroyDeletedRecords` method. The integrity risk is low due to the fact that maliciously deleted records won't synchronize, so logout-login will restore all data, although some local changes may be lost if the malicious deletion causes the sync process to fail to proceed to push stage. No way to breach confidentiality with this vulnerability is known. Full exploitation of SQL Injection is mitigated, because it's not possible to nest an insert/update query inside a delete query in SQLite, and it's not possible to pass a semicolon-separated second query. There's also no known practicable way to breach confidentiality by selectively deleting records, because those records will not be synchronized. It's theoretically possible that selective record deletion could cause an app to behave insecurely if lack of a record is used to make security decisions by the app. This is patched in versions 0.15.1, 0.16.2, and 0.16.1-fix | 2020-06-03 | not yet calculated | CVE-2020-4035 MISC CONFIRM |
| october -- october_cms | In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466). | 2020-06-03 | not yet calculated | CVE-2020-5299 MISC MISC CONFIRM |
| october -- october_cms | The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that's more restrictive. | 2020-06-04 | not yet calculated | CVE-2020-11094 MISC CONFIRM |
| open-iscsi -- targetcli-fb | Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | 2020-06-05 | not yet calculated | CVE-2020-13867 MISC |
| pam_tacplus -- pam_tacplus | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 2020-06-06 | not yet calculated | CVE-2020-13881 MISC MISC |
| perl -- perl | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | 2020-06-05 | not yet calculated | CVE-2020-12723 CONFIRM CONFIRM CONFIRM MISC MISC |
| perl -- perl | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | 2020-06-05 | not yet calculated | CVE-2020-10878 CONFIRM CONFIRM CONFIRM CONFIRM |
| perl -- perl | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | 2020-06-05 | not yet calculated | CVE-2020-10543 CONFIRM CONFIRM CONFIRM |
| postgresql -- jdbc_driver | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | 2020-06-04 | not yet calculated | CVE-2020-13692 CONFIRM CONFIRM |
| pupnp -- pupnp | Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. | 2020-06-04 | not yet calculated | CVE-2020-13848 MISC MISC |
| pydio -- cells | Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | 2020-06-04 | not yet calculated | CVE-2020-12853 MISC |
| pydio -- cells | Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | 2020-06-04 | not yet calculated | CVE-2020-12851 MISC MISC |
| pydio -- cells | The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”. | 2020-06-04 | not yet calculated | CVE-2020-12852 MISC MISC |
| pydio -- cells | In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed. | 2020-06-05 | not yet calculated | CVE-2020-12848 MISC MISC |
| pydio -- cells | Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | 2020-06-05 | not yet calculated | CVE-2020-12849 MISC MISC |
| pydio -- cells | Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary. | 2020-06-04 | not yet calculated | CVE-2020-12847 MISC MISC |
| qemu -- qemu | A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. | 2020-06-04 | not yet calculated | CVE-2020-10702 CONFIRM CONFIRM |
| qemu -- qemu | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | 2020-06-04 | not yet calculated | CVE-2020-13800 MISC CONFIRM |
| qemu -- qemu | rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | 2020-06-04 | not yet calculated | CVE-2020-13765 MISC CONFIRM |
| qemu -- qemu | hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. | 2020-06-04 | not yet calculated | CVE-2020-13791 MISC CONFIRM |
| sqlite -- sqlite | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | 2020-06-06 | not yet calculated | CVE-2020-13871 MISC MISC MISC |
| swift_networks -- red_cheetah | In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL. | 2020-06-05 | not yet calculated | CVE-2020-13646 MISC |
| tigera -- calico_and_calico_enterprise | Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod. | 2020-06-03 | not yet calculated | CVE-2020-13597 CONFIRM CONFIRM CONFIRM |
| url-regex -- url-regex | all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service. | 2020-06-04 | not yet calculated | CVE-2020-7661 MISC MISC |
| weaveworks -- weave_net | In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that ipv6 forwarding is disabled, ie /proc/sys/net/ipv6/conf//forwarding == 0. Also by default, /proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these 2 sysctls means that the host accepts router advertisements and configure the IPv6 stack using them. By sending rogue router advertisements, an attacker can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond. If by chance you also have on the host a vulnerability like last year's RCE in apt (CVE-2019-3462), you can now escalate to the host. Weave Net version 2.6.3 disables the accept_ra option on the veth devices that it creates. | 2020-06-03 | not yet calculated | CVE-2020-11091 MISC CONFIRM |
| wordpress -- worpdress | The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | 2020-06-05 | not yet calculated | CVE-2020-13864 MISC |
| wordpress -- worpdress | The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | 2020-06-05 | not yet calculated | CVE-2020-13865 MISC |
| wso2 -- multiple_products | In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. | 2020-06-06 | not yet calculated | CVE-2020-13883 MISC |
| xack -- dns | XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack. | 2020-06-05 | not yet calculated | CVE-2020-5591 MISC MISC |
| zephyrproject -- zephyr | A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10063 MISC MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10062 MISC MISC MISC MISC |
| zephyrproject -- zephyr | The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10071 MISC MISC MISC MISC |
| zephyrproject -- zephyr | In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10070 MISC MISC MISC MISC |
| zephyrproject -- zephyr | Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10061 MISC MISC MISC MISC MISC MISC |
| zephyrproject -- zephyr | In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | 2020-06-05 | not yet calculated | CVE-2020-10068 MISC MISC MISC MISC MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.