Vulnerability Summary for the Week of June 22, 2020

Released
Jun 29, 2020
Document ID
SB20-181

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- shiro
 
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.2020-06-227.5CVE-2020-11989
MISC
conjur -- oss_helm_chart
 
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).2020-06-227.7CVE-2020-4062
MISC
CONFIRM
dmitry -- deepmagic_information_gathering_tool
 
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.2020-06-197.5CVE-2020-14931
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.12020-06-197.8CVE-2020-13273
CONFIRM
MISC
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.2020-06-197.5CVE-2016-11064
CONFIRM
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.2020-06-197.5CVE-2020-14456
CONFIRM
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.2020-06-197.5CVE-2019-20856
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.2020-06-197.5CVE-2017-18915
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.2020-06-197.5CVE-2017-18920
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.2020-06-197.5CVE-2018-21251
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.2020-06-197.5CVE-2017-18908
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.2020-06-197.5CVE-2017-18912
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.2020-06-197.5CVE-2017-18885
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.2020-06-197.5CVE-2017-18888
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.2020-06-197.5CVE-2017-18900
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.2020-06-197.5CVE-2016-11074
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.2020-06-197.5CVE-2019-20881
CONFIRM
mergeobjects -- mergeobjects
 
The mergeObjects utility function is susceptible to Prototype Pollution.2020-06-197.5CVE-2020-7679
MISC
MISC
MISC
qualcomm -- multiple_snapdragon_products
 
Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-227.5CVE-2020-3661
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR11302020-06-227.2CVE-2019-14047
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-227.2CVE-2019-10597
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-227.5CVE-2020-3663
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR21302020-06-227.5CVE-2020-3662
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR21302020-06-227.5CVE-2020-3660
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR11302020-06-227.5CVE-2020-3614
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR11302020-06-2210CVE-2019-14062
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR11302020-06-227.5CVE-2019-14073
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR11302020-06-227.5CVE-2019-14080
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM81502020-06-227.2CVE-2020-3613
CONFIRM
MISC
qualcomm -- snapdragon_consumer_iot
 
Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX202020-06-2210CVE-2020-3628
CONFIRM
MISC
rtslib-fb -- rtslib-fb
 
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.2020-06-197.5CVE-2020-14019
MISC
ruby_on_rails -- ruby_on_rails
 
A deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.2020-06-197.5CVE-2020-8165
MISC
MISC
MLIST
sourcecodester -- pisay_online_e-learning_system
 
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.2020-06-227.5CVE-2020-14972
MISC
MISC
squirrelmail -- squirrelmail
 
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.2020-06-207.5CVE-2020-14933
MISC
squirrelmail -- squirrelmail
 
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.2020-06-207.5CVE-2020-14932
MISC
tendenci -- tendenci
 
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.2020-06-217.5CVE-2020-14942
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aapanel -- aapanel
 
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.2020-06-216.5CVE-2020-14950
MISC
alpine -- alpine
 
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.2020-06-195CVE-2020-14929
MISC
MLIST
apache -- archiva
 
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.2020-06-195CVE-2020-9495
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
bitdefender -- total_security_2020
 
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.2020-06-226.8CVE-2020-8102
MISC
bt_ctroms -- terminal_os_port_portal_ct-464
 
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.2020-06-194.3CVE-2020-14930
MISC
MISC
dolibarr -- dolibarr
 
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).2020-06-194.3CVE-2020-14475
MISC
ec-cube -- ec-cube
 
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.2020-06-195.5CVE-2020-5590
MISC
MISC
MISC
fortinet -- fortideceptor
 
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.2020-06-226.8CVE-2020-6644
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification2020-06-195CVE-2020-13265
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link2020-06-194.3CVE-2020-13262
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token2020-06-195CVE-2020-13264
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.12020-06-194CVE-2020-13276
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.52020-06-194CVE-2020-13277
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow2020-06-196.5CVE-2020-13272
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.12020-06-195.5CVE-2020-13275
CONFIRM
MISC
MISC
gogs -- gogs
 
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.2020-06-214CVE-2020-14958
MISC
MISC
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514.2020-06-244.3CVE-2020-4323
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988.2020-06-244.3CVE-2020-4413
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.2020-06-245CVE-2020-4327
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.2020-06-245CVE-2020-4341
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182.2020-06-245CVE-2020-4342
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.2020-06-244.3CVE-2020-4322
XF
CONFIRM
information_builders -- webfocus_business_intelligence
 
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration.2020-06-225.8CVE-2020-14204
MISC
information_builders -- webfocus_business_intelligence
 
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.2020-06-224.3CVE-2020-14202
MISC
information_builders -- webfocus_business_intelligence
 
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044.2020-06-226.8CVE-2020-14203
MISC
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.2020-06-196.8CVE-2019-20861
CONFIRM
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.2020-06-194.3CVE-2020-14455
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.2020-06-194CVE-2017-18918
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.2020-06-196.4CVE-2016-11072
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.2020-06-195CVE-2019-20862
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.2020-06-194.3CVE-2017-18881
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.2020-06-194.3CVE-2016-11082
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.2020-06-194.3CVE-2016-11083
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.2020-06-194.3CVE-2016-11079
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.2020-06-194.3CVE-2017-18882
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.2020-06-194.3CVE-2016-11073
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.2020-06-194.3CVE-2016-11071
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.2020-06-194.3CVE-2016-11063
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.2020-06-194CVE-2019-20873
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.2020-06-195CVE-2017-18917
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.2020-06-194.3CVE-2017-18879
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.2020-06-194CVE-2019-20870
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.2020-06-194.3CVE-2016-11084
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.2020-06-194.3CVE-2017-18880
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.2020-06-194CVE-2018-21260
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.2020-06-194.3CVE-2017-18909
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.2020-06-194.3CVE-2017-18892
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.2020-06-194CVE-2016-11078
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.2020-06-194CVE-2018-21253
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.2020-06-194CVE-2017-18910
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.2020-06-194CVE-2016-11065
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.2020-06-194CVE-2019-20879
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.2020-06-194.3CVE-2018-21249
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.2020-06-195CVE-2018-21248
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.2020-06-194CVE-2016-11081
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.2020-06-194CVE-2016-11080
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.2020-06-194CVE-2016-11077
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.2020-06-194.3CVE-2017-18877
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.2020-06-194CVE-2019-20887
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.2020-06-194CVE-2019-20890
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.2020-06-194CVE-2017-18889
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.2020-06-194.3CVE-2017-18913
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.2020-06-194CVE-2019-20878
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.2020-06-194.3CVE-2017-18907
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.2020-06-194.3CVE-2017-18904
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.2020-06-194.3CVE-2017-18921
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.2020-06-196.8CVE-2019-20841
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.2020-06-195CVE-2017-18905
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.2020-06-195CVE-2017-18899
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.2020-06-195CVE-2018-21258
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.2020-06-194.3CVE-2017-18893
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.2020-06-195CVE-2019-20867
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.2020-06-195CVE-2017-18916
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.2020-06-195CVE-2016-11075
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.2020-06-195CVE-2017-18902
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.2020-06-195CVE-2017-18901
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.2020-06-195CVE-2016-11069
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.2020-06-196.5CVE-2018-21263
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.2020-06-195CVE-2019-20889
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.2020-06-195CVE-2017-18898
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.2020-06-196.8CVE-2019-20865
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.2020-06-195CVE-2017-18896
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.2020-06-195CVE-2019-20857
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.2020-06-195CVE-2017-18895
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.2020-06-195CVE-2017-18919
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.2020-06-195CVE-2017-18871
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.2020-06-195CVE-2019-20847
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.2020-06-195CVE-2019-20854
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.2020-06-195CVE-2019-20855
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.2020-06-195CVE-2016-11076
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.2020-06-195CVE-2019-20886
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.2020-06-196.4CVE-2017-18911
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.2020-06-195CVE-2017-18887
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.2020-06-195CVE-2019-20868
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.2020-06-195CVE-2019-20875
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.2020-06-195CVE-2019-20882
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.2020-06-195.8CVE-2017-18897
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.2020-06-195.8CVE-2020-14454
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.2020-06-195CVE-2019-20874
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.2020-06-195.5CVE-2017-18894
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.2020-06-195.5CVE-2019-20876
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.2020-06-195.1CVE-2017-18903
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.2020-06-195CVE-2016-11062
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.2020-06-195CVE-2015-9548
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.2020-06-195CVE-2016-11066
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.2020-06-195CVE-2016-11068
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.2020-06-195CVE-2019-20871
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.2020-06-195CVE-2017-18914
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.2020-06-195CVE-2019-20863
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.2020-06-195CVE-2019-20859
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.2020-06-195CVE-2019-20858
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.2020-06-196.5CVE-2017-18886
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.2020-06-195CVE-2016-11067
CONFIRM
mutt -- mutt_and_neomutt
 
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."2020-06-214.3CVE-2020-14954
MISC
MISC
MISC
MISC
MISC
MISC
DEBIAN
DEBIAN
octopus -- deploy
 
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.2020-06-194CVE-2020-14470
MISC
php-fusion -- php-fusion
 
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,2020-06-226.5CVE-2020-14960
MISC
MISC
MISC
qualcomm -- multiple_snapdragon_products
 
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2019-14094
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-226.4CVE-2020-3658
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2019-14076
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR21302020-06-224.6CVE-2019-14091
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3626
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3635
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3642
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM81502020-06-224.6CVE-2020-3665
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302020-06-224.6CVE-2020-3676
CONFIRM
MISC
rack -- rack
 
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.2020-06-195CVE-2020-8184
MISC
MISC
red_hat -- quay
 
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.2020-06-224.3CVE-2019-3865
CONFIRM
ruby_on_rails -- ruby_on_rails
 
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.2020-06-194.3CVE-2020-8167
MISC
MISC
ruby_on_rails -- ruby_on_rails
 
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.2020-06-195CVE-2020-8162
MISC
MISC
ruby_on_rails -- ruby_on_rails
 
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.2020-06-195CVE-2020-8164
MISC
MISC
MLIST
sophos -- secure_email
 
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.2020-06-224.3CVE-2020-14980
MISC
strapi -- strapi
 
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.2020-06-194CVE-2020-13961
MISC
CONFIRM
CONFIRM
victor_cms -- victor_cms
 
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.2020-06-224.3CVE-2020-13427
MISC
MISC
vinades -- nukeviet
 
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.2020-06-234.3CVE-2020-13157
MISC
MISC
vinades -- nukeviet
 
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.2020-06-236.8CVE-2020-13155
MISC
MISC
vinades -- nukeviet
 
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.2020-06-234.3CVE-2020-13156
MISC
MISC
webtareas -- webtereas
 
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.2020-06-224.3CVE-2020-14973
MISC
MISC
woocommerce -- woocommerce
 
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.2020-06-196.8CVE-2019-20891
MISC
MISC
wordpress -- wordpress
 
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.2020-06-224.3CVE-2020-13426
MISC
MISC
MISC
MISC
MISC
MISC
MISC
EXPLOIT-DB
zyxel -- armor_x1_wap6806_devicesZyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.2020-06-225CVE-2020-14461
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cms_made_simple -- cms_made_simple
 
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.2020-06-193.5CVE-2020-14926
MISC
fortinet -- fortiwlc
 
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.2020-06-223.5CVE-2020-9288
CONFIRM
global_radar -- bsa_radar
 
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.2020-06-223.5CVE-2020-14943
MISC
MISC
MISC
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408.2020-06-193.5CVE-2020-4295
XF
CONFIRM
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474.2020-06-193.5CVE-2020-4297
XF
CONFIRM
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141.2020-06-193.5CVE-2020-4281
XF
CONFIRM
kordil -- kordil_edms
 
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php.2020-06-223.5CVE-2020-13888
MISC
MISC
linux_foundation -- jaeger
 
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.2020-06-192.1CVE-2020-10750
CONFIRM
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.2020-06-192.1CVE-2019-20872
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.2020-06-193.5CVE-2016-11070
CONFIRM
mcafee -- advanced_threat_defense
 
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.2020-06-222.1CVE-2020-7262
CONFIRM
naviwebs -- navigate_cms
 
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.2020-06-193.5CVE-2020-14927
MISC
paessler -- prtg_network_monitor
 
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.2020-06-233.5CVE-2020-14073
MISC
MISC
qualcomm -- multiple_snapdragon_products
 
Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR21302020-06-222.1CVE-2019-10626
CONFIRM
qualcomm -- multiple_snapdragon_products
 
System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR21302020-06-222.1CVE-2019-14092
CONFIRM
MISC
vmware -- tools_for_macos
 
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.2020-06-192.1CVE-2020-3972
MISC
wordpress -- wordpress
 
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.2020-06-223.5CVE-2020-14962
MISC
wordpress -- wordpress
 
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.2020-06-223.5CVE-2020-14959
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
academy_software_foundation -- openexr
 
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.2020-06-26not yet calculatedCVE-2020-15304
MISC
MISC
MISC
MISC
academy_software_foundation -- openexr
 
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.2020-06-26not yet calculatedCVE-2020-15305
MISC
MISC
MISC
MISC
academy_software_foundation -- openexr
 
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.2020-06-26not yet calculatedCVE-2020-15306
MISC
MISC
MISC
MISC
adobe -- acrobat_and_acrobat_readerAdobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9597
CONFIRM
adobe -- acrobat_and_acrobat_readerAdobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9599
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.2020-06-25not yet calculatedCVE-2020-9592
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.2020-06-25not yet calculatedCVE-2020-9611
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service.2020-06-25not yet calculatedCVE-2020-9610
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.2020-06-25not yet calculatedCVE-2020-9613
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.2020-06-25not yet calculatedCVE-2020-9614
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass.2020-06-25not yet calculatedCVE-2020-9615
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9608
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9594
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9612
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9598
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9595
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9609
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9602
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9607
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9600
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9601
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9593
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.2020-06-25not yet calculatedCVE-2020-9596
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9603
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9604
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9605
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9606
CONFIRM
adobe -- after_effectsAdobe After Effects versions 17.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9661
CONFIRM
adobe -- after_effectsAdobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9660
CONFIRM
adobe -- after_effectsAdobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .2020-06-26not yet calculatedCVE-2020-3809
CONFIRM
adobe -- after_effectsAdobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9637
CONFIRM
adobe -- after_effectsAdobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9638
CONFIRM
adobe -- after_effectsAdobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9662
CONFIRM
adobe -- auditionAdobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9658
CONFIRM
adobe -- auditionAdobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9618
CONFIRM
adobe -- auditionAdobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9659
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9566
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9560
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9556
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9559
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9557
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9558
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9562
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9565
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9564
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9563
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9561
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9553
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9554
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9555
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9568
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9569
CONFIRM
adobe -- bridge
 
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9567
CONFIRM
adobe -- campaign_classic
 
Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-25not yet calculatedCVE-2020-9666
CONFIRM
adobe -- character_animatorAdobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9586
CONFIRM
adobe -- coldfusion_2016_and_2018ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).2020-06-26not yet calculatedCVE-2020-3767
CONFIRM
adobe -- coldfusion_2016_and_2018
 
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.2020-06-26not yet calculatedCVE-2020-3768
CONFIRM
adobe -- coldfusion_2016_and_2018
 
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.2020-06-26not yet calculatedCVE-2020-3796
CONFIRM
adobe -- digital_editionsAdobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-3798
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9626
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9623
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9589
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9622
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9625
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9629
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9620
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9627
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9624
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9621
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9590
CONFIRM
adobe -- dng_software_development_kit
 
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9628
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9640
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.1.2 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9642
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9639
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9641
CONFIRM
adobe -- illustrator
 
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9573
CONFIRM
adobe -- illustrator
 
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9574
CONFIRM
adobe -- illustrator
 
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9575
CONFIRM
adobe -- illustrator
 
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9572
CONFIRM
adobe -- illustrator
 
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-26not yet calculatedCVE-2020-9570
CONFIRM
adobe -- illustrator
 
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9571
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9632
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9579
CONFIRM

adobe -- magento

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9631
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9576
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9585
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-26not yet calculatedCVE-2020-9581
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .2020-06-26not yet calculatedCVE-2020-9577
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.2020-06-26not yet calculatedCVE-2020-9587
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9578
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9580
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9583
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.2020-06-26not yet calculatedCVE-2020-9630
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-26not yet calculatedCVE-2020-9584
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.2020-06-26not yet calculatedCVE-2020-9588
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.2020-06-26not yet calculatedCVE-2020-9591
CONFIRM
adobe -- magento
 
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2020-9582
CONFIRM
adobe -- premiere_proAdobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9653
CONFIRM
adobe -- premiere_proAdobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9652
CONFIRM
adobe -- premiere_proAdobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9654
CONFIRM
adobe -- premiere_pro
 
Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9616
CONFIRM
adobe -- premiere_rushAdobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9656
CONFIRM
adobe -- premiere_rushAdobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9657
CONFIRM
adobe -- premiere_rush
 
Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-26not yet calculatedCVE-2020-9617
CONFIRM
adobe -- premiere_rush
 
Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-25not yet calculatedCVE-2020-9655
CONFIRM
apache -- activemq_artemis
 
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.2020-06-26not yet calculatedCVE-2020-10727
CONFIRM
MISC
apache -- spark
 
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).2020-06-23not yet calculatedCVE-2020-9480
CONFIRM
apache -- tomcat
 
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.2020-06-26not yet calculatedCVE-2020-11996
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache -- traffic_serverApache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.2020-06-24not yet calculatedCVE-2020-9494
CONFIRM
DEBIAN
apnswift -- apnswift
 
In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1.2020-06-22not yet calculatedCVE-2020-4068
MISC
MISC
MISC
CONFIRM
argent -- recoverymanager
 
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover.2020-06-25not yet calculatedCVE-2020-15302
MISC
artica -- proxy_community_editionArtica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.2020-06-22not yet calculatedCVE-2020-13158
MISC
artica -- proxy_community_editionArtica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.2020-06-22not yet calculatedCVE-2020-13159
MISC
MISC
atlassian -- jira_server_and_data_center
 
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.2020-06-23not yet calculatedCVE-2019-20409
MISC
atlassian -- jira_server_and_data_center
 
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.2020-06-23not yet calculatedCVE-2020-4028
MISC
backbox -- boolebox_secure_file_sharing_utilityBooleBox Secure File Sharing Utility (potentially all versions) allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.2020-06-24not yet calculatedCVE-2020-13248
MISC
backbox -- boolebox_secure_file_sharing_utilityBooleBox Secure File Sharing Utility (potentially all versions) allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.2020-06-24not yet calculatedCVE-2020-13247
MISC
beaker -- beaker
 
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.2020-06-26not yet calculatedCVE-2013-7489
MISC
MISC
MISC
bitrix24 -- bitrix24
 
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.2020-06-24not yet calculatedCVE-2020-13483
MISC
bitrix24 -- bitrix24
 
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.2020-06-24not yet calculatedCVE-2020-13484
MISC
blogcms -- blogcmspramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.2020-06-24not yet calculatedCVE-2020-15014
MISC
bludit -- bluditBludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.2020-06-24not yet calculatedCVE-2020-15006
MISC
bludit -- bluditBludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.2020-06-24not yet calculatedCVE-2020-15026
MISC
cae -- compression_and_archive_extensions
 
The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.2020-06-23not yet calculatedCVE-2020-7668
MISC
cae -- compression_and_archive_extensions
 
The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.2020-06-23not yet calculatedCVE-2020-7664
MISC
ceph -- ceph
 
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.2020-06-22not yet calculatedCVE-2020-10736
CONFIRM
MISC
ceph -- ceph_object_gatewayA flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.2020-06-26not yet calculatedCVE-2020-10753
CONFIRM
chocolate-doom -- chocolate-doom_and_crispy_doomThe server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.2020-06-22not yet calculatedCVE-2020-14983
MISC
crypto/authenc.c -- crypto/authenc.c
 
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.2020-06-26not yet calculatedCVE-2020-10769
MISC
MISC
dell -- multiple_products
 
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.2020-06-23not yet calculatedCVE-2020-5367
CONFIRM
dell -- multiple_products
 
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.2020-06-23not yet calculatedCVE-2020-5345
CONFIRM
django-basic-auth-ip-whitelist -- django-basic-auth-ip-whitelist
 
In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website's server is located. Sites protected by IP address whitelisting only are unaffected by this vulnerability. This vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package. A workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings.2020-06-24not yet calculatedCVE-2020-4071
CONFIRM
MISC
docker -- docker_desktop
 
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.2020-06-27not yet calculatedCVE-2020-15360
MISC
MISC
draytek -- multiple_devicesStack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.2020-06-24not yet calculatedCVE-2020-14473
CONFIRM
draytek -- multiple_devicesDrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 is affected by a remote code injection/execution vulnerability.2020-06-24not yet calculatedCVE-2020-14472
CONFIRM
draytek -- multiple_devices
 
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.2020-06-23not yet calculatedCVE-2020-14993
MISC
MISC
CONFIRM
f-secure -- safeAn issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.2020-06-23not yet calculatedCVE-2020-14978
MISC
MISC
MISC
f-secure -- safe
 
An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.2020-06-23not yet calculatedCVE-2020-14977
MISC
MISC
MISC
freedroid -- freedroidrpgAn issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.2020-06-23not yet calculatedCVE-2020-14938
MISC
MISC
freedroid -- freedroidrpgAn issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.2020-06-23not yet calculatedCVE-2020-14939
MISC
MISC
freerdp -- freerdpIn FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-11096
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-4032
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-4033
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-11095
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-11098
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-11099
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-4031
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-11097
MISC
MISC
CONFIRM
freerdp -- freerdp
 
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.2020-06-22not yet calculatedCVE-2020-4030
MISC
MISC
CONFIRM
generator-jhipster-kotlin -- generator-jhipster-kotlin
 
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.2020-06-25not yet calculatedCVE-2020-4072
MISC
CONFIRM
MISC
MISC
gitlab -- gitlab-vscode-extension
 
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system2020-06-22not yet calculatedCVE-2020-13279
CONFIRM
MISC
gleamtech -- fileultimateThe FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document.2020-06-24not yet calculatedCVE-2020-15015
MISC
global_radar -- bsa_radardownloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.2020-06-22not yet calculatedCVE-2020-14946
MISC
MISC
global_radar -- bsa_radar
 
A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data.2020-06-22not yet calculatedCVE-2020-14945
MISC
MISC
global_radar -- bsa_radar
 
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.2020-06-22not yet calculatedCVE-2020-14944
MISC
MISC
gns3 -- ubridgeGNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context.2020-06-23not yet calculatedCVE-2020-14976
MISC
MISC
MISC
MISC
gnu -- mailmanGNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.2020-06-24not yet calculatedCVE-2020-15011
MISC
google -- cloud_platform
 
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.2020-06-22not yet calculatedCVE-2020-8903
MISC
CONFIRM
MISC
google -- cloud_platform
 
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.2020-06-22not yet calculatedCVE-2020-8933
MISC
CONFIRM
MISC
google -- cloud_platform
 
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.2020-06-22not yet calculatedCVE-2020-8907
MISC
CONFIRM
MISC
hcl -- notesHCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.2020-06-26not yet calculatedCVE-2020-4089
CONFIRM
honeywell -- controledge_plc_and_rtuControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.2020-06-26not yet calculatedCVE-2020-10628
MISC
honeywell -- controledge_plc_and_rtuControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.2020-06-26not yet calculatedCVE-2020-10624
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.2020-06-26not yet calculatedCVE-2019-4650
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121.2020-06-26not yet calculatedCVE-2020-4223
XF
CONFIRM
ibm -- security_guardium
 
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.2020-06-23not yet calculatedCVE-2020-4188
XF
CONFIRM
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.2020-06-26not yet calculatedCVE-2020-4565
XF
CONFIRM
id_software -- id_tech_1A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.2020-06-24not yet calculatedCVE-2020-15007
MISC
MISC
idrive -- idrive
 
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.2020-06-26not yet calculatedCVE-2020-15351
MISC
MISC
iobit -- advanced_systemcare_free
 
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.2020-06-22not yet calculatedCVE-2020-14990
MISC
MISC
iobit -- unlockerThe driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124.2020-06-23not yet calculatedCVE-2020-14974
MISC
MISC
iobit -- unlockerThe driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124.2020-06-23not yet calculatedCVE-2020-14975
MISC
MISC
jiangmin -- jiangmin_antivirus
 
In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440.2020-06-26not yet calculatedCVE-2020-14955
MISC
johnson_controls -- exacqvisionA vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.2020-06-26not yet calculatedCVE-2020-9047
CONFIRM
CERT
jsrsasign -- jsrsasign
 
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.2020-06-22not yet calculatedCVE-2020-14967
MISC
MISC
MISC
MISC
MISC
jsrsasign -- jsrsasign
 
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.2020-06-22not yet calculatedCVE-2020-14968
MISC
MISC
MISC
MISC
MISC
jsrsasign -- jsrsasign
 
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.2020-06-22not yet calculatedCVE-2020-14966
MISC
MISC
MISC
MISC
MISC
kordil -- kordil_edmsdocuments_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.2020-06-22not yet calculatedCVE-2020-13887
MISC
MISC
limdu -- limduIn Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.2020-06-22not yet calculatedCVE-2020-4066
CONFIRM
mattermost -- mattermost_mobile_apps
 
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.2020-06-26not yet calculatedCVE-2020-13891
CONFIRM
mediawiki -- mediawikiIn MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.2020-06-24not yet calculatedCVE-2020-15005
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
misp -- misp
 
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.2020-06-22not yet calculatedCVE-2020-14969
MISC
mitsubishi_electric -- multiple_central_processing_units
 
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.2020-06-23not yet calculatedCVE-2020-5594
MISC
MISC
MISC
mobile_industrial_robots -- mir100_and_mir200_robots
 
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.2020-06-24not yet calculatedCVE-2020-10269
CONFIRM
mobile_industrial_robots -- mir100_and_mir200_robots
 
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.2020-06-24not yet calculatedCVE-2020-10270
CONFIRM
mobile_industrial_robots -- multiple_controllers
 
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.2020-06-24not yet calculatedCVE-2020-10279
CONFIRM
mobile_industrial_robots -- multiple_controllers
 
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.2020-06-24not yet calculatedCVE-2020-10273
CONFIRM
mobile_industrial_robots -- multiple_robotsThe Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard.2020-06-24not yet calculatedCVE-2020-10280
CONFIRM
mobile_industrial_robots -- multiple_robotsThere is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.2020-06-24not yet calculatedCVE-2020-10277
CONFIRM
mobile_industrial_robots -- multiple_robotsThe access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data.2020-06-24not yet calculatedCVE-2020-10275
CONFIRM
mobile_industrial_robots -- multiple_robots
 
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.2020-06-24not yet calculatedCVE-2020-10276
CONFIRM
mobile_industrial_robots -- multiple_robots
 
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).2020-06-24not yet calculatedCVE-2020-10271
CONFIRM
mobile_industrial_robots -- multiple_robots
 
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.2020-06-24not yet calculatedCVE-2020-10272
CONFIRM
mobile_industrial_robots -- multiple_robots
 
The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image.2020-06-24not yet calculatedCVE-2020-10278
CONFIRM
mobile_industrial_robots -- multiple_robots
 
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.2020-06-24not yet calculatedCVE-2020-10274
CONFIRM
naviwebs -- navigate_cms
 
An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.2020-06-24not yet calculatedCVE-2020-14014
MISC
naviwebs -- navigate_cms
 
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.2020-06-24not yet calculatedCVE-2020-14016
MISC
naviwebs -- navigate_cms
 
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id).2020-06-24not yet calculatedCVE-2020-14015
MISC
naviwebs -- navigate_cms
 
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.2020-06-24not yet calculatedCVE-2020-14017
MISC
naviwebs -- navigate_cms
 
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field.2020-06-24not yet calculatedCVE-2020-14018
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter.2020-06-26not yet calculatedCVE-2020-15016
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.2020-06-26not yet calculatedCVE-2020-15017
MISC
net-snmp -- net-snmp
 
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.2020-06-25not yet calculatedCVE-2019-20892
MLIST
MISC
MISC
MISC
MISC
network_time_foundation -- network_time_protocolntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.2020-06-24not yet calculatedCVE-2020-15025
MISC
MISC
MISC
node-traceroute -- node-traceroute
 
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.2020-06-25not yet calculatedCVE-2018-21268
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nvidia -- windows_gpu_display_driverNVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.2020-06-25not yet calculatedCVE-2020-5964
CONFIRM
nvidia -- windows_gpu_display_driverNVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service.2020-06-25not yet calculatedCVE-2020-5965
CONFIRM
nvidia -- windows_gpu_display_driverNVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.2020-06-25not yet calculatedCVE-2020-5966
CONFIRM
nvidia -- windows_gpu_display_driverNVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.2020-06-25not yet calculatedCVE-2020-5967
CONFIRM
nvidia -- windows_gpu_display_driverNVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.2020-06-25not yet calculatedCVE-2020-5963
CONFIRM
nvidia -- windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.2020-06-24not yet calculatedCVE-2020-5962
CONFIRM
openfind -- mailgates
 
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.2020-06-23not yet calculatedCVE-2020-12782
CONFIRM
osisoft -- pi_web_api_2019
 
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.2020-06-23not yet calculatedCVE-2020-12021
MISC
packet_tide -- expressengine
 
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least).2020-06-24not yet calculatedCVE-2020-13443
MISC
MISC
philips -- multiple_products
 
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.2020-06-26not yet calculatedCVE-2020-14477
MISC
php-fusion -- php-fusionPHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.2020-06-24not yet calculatedCVE-2020-15041
MISC
pi-hole -- pi-hole
 
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again.2020-06-23not yet calculatedCVE-2020-14971
MISC
CONFIRM
CONFIRM
CONFIRM
pillow -- pillowPillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c.2020-06-25not yet calculatedCVE-2020-10177
MISC
MISC
MISC
MISC
MISC
pillow -- pillow
 
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.2020-06-25not yet calculatedCVE-2020-10379
MISC
MISC
MISC
MISC
MISC
pillow -- pillow
 
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.2020-06-25not yet calculatedCVE-2020-11538
MISC
MISC
MISC
MISC
pillow -- pillow
 
In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multiple out-of-bounds reads via a crafted JP2 file.2020-06-25not yet calculatedCVE-2020-10994
MISC
MISC
MISC
MISC
MISC
pillow -- pillow
 
In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.2020-06-25not yet calculatedCVE-2020-10378
MISC
MISC
MISC
MISC
MISC
playsms -- playsmsplaySMS through 1.4.3 is vulnerable to session fixation.2020-06-24not yet calculatedCVE-2020-15018
MISC
portland_labs -- concrete5
 
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.2020-06-22not yet calculatedCVE-2020-14961
MISC
MISC
rakuten -- viber_for_windows
 
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.2020-06-22not yet calculatedCVE-2020-14049
MISC
MISC
rapid7 -- metasploit_pro
 
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset.2020-06-25not yet calculatedCVE-2020-7355
MISC
CONFIRM
rapid7 -- metasploit_pro
 
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.2020-06-25not yet calculatedCVE-2020-7354
MISC
CONFIRM
red_hat -- cloudforms_management_engine
 
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.2020-06-22not yet calculatedCVE-2019-14894
CONFIRM
red_hat -- jboss_keycloakA vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.2020-06-22not yet calculatedCVE-2020-1727
CONFIRM
red_hat -- wildfly
 
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.2020-06-22not yet calculatedCVE-2020-10740
CONFIRM
rockwell_automation -- factorytalk_services_platformIn Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.2020-06-23not yet calculatedCVE-2020-12033
MISC
sane -- backendsA heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.2020-06-24not yet calculatedCVE-2020-12865
CONFIRM
MISC
sane -- backends
 
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.2020-06-24not yet calculatedCVE-2020-12864
CONFIRM
MISC
sane -- backends
 
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.2020-06-24not yet calculatedCVE-2020-12866
CONFIRM
MISC
sane -- backends
 
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.2020-06-24not yet calculatedCVE-2020-12863
CONFIRM
MISC
sane -- backends
 
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.2020-06-24not yet calculatedCVE-2020-12861
CONFIRM
MISC
sane -- backends
 
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.2020-06-24not yet calculatedCVE-2020-12862
CONFIRM
MISC
sas_institute -- go-rpmutils
 
The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released.2020-06-24not yet calculatedCVE-2020-7667
CONFIRM
CONFIRM
secureauth -- secureauth_idpSecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.2020-06-25not yet calculatedCVE-2020-9437
MISC
MISC
MISC
semtech -- lora_basics_stationIn LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4.2020-06-22not yet calculatedCVE-2020-4060
CONFIRM
semtech -- loramac-nodeIn LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4.2020-06-23not yet calculatedCVE-2020-11068
MISC
CONFIRM
shenzhen_tenda _technology -- pa6_wi-fi_powerline_extenderTenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.2020-06-25not yet calculatedCVE-2019-19506
MISC
shenzhen_tenda _technology -- pa6_wi-fi_powerline_extenderTenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.2020-06-25not yet calculatedCVE-2019-19505
MISC
shenzhen_tenda _technology -- pa6_wi-fi_powerline_extenderTenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.2020-06-25not yet calculatedCVE-2019-16213
MISC
solarwinds -- orionSolarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.2020-06-24not yet calculatedCVE-2020-14005
MISC
solarwinds -- orionSolarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.2020-06-24not yet calculatedCVE-2020-14006
MISC
solarwinds -- orionSolarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.2020-06-24not yet calculatedCVE-2020-14007
MISC
sqlite -- sqlite
 
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.2020-06-27not yet calculatedCVE-2020-15358
MISC
MISC
MISC
stash -- stashStash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter.2020-06-26not yet calculatedCVE-2020-15311
MISC
supermicro -- x10drh-it_motherboardsThe web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.2020-06-24not yet calculatedCVE-2020-15046
MISC
support_incident_tracker_project -- sit!Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter.2020-06-26not yet calculatedCVE-2020-15308
MISC
taxguitar -- taxguitarAn issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.2020-06-23not yet calculatedCVE-2020-14940
MISC
MISC
tinxy -- door_lock_devicesTinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.2020-06-23not yet calculatedCVE-2020-9438
MISC
tp-link -- tl-wr740n_and_tl-wr740nd_devices
 
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.2020-06-23not yet calculatedCVE-2020-14965
MISC
trojita_project -- trojitaMSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers.2020-06-25not yet calculatedCVE-2020-15047
MISC
MISC
unisys -- stealth
 
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.2020-06-22not yet calculatedCVE-2020-12053
CONFIRM
verint -- workforce_optimization
 
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.2020-06-22not yet calculatedCVE-2020-13480
MISC
MISC
MISC
vipre -- password_vault_appThe ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation.2020-06-22not yet calculatedCVE-2020-14981
MISC
winmagic -- securedocThe SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution.2020-06-22not yet calculatedCVE-2020-11519
CONFIRM
winmagic -- securedoc
 
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.2020-06-22not yet calculatedCVE-2020-11520
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.2020-06-25not yet calculatedCVE-2020-3964
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.2020-06-25not yet calculatedCVE-2020-3966
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.2020-06-25not yet calculatedCVE-2020-3967
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.2020-06-25not yet calculatedCVE-2020-3968
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.2020-06-24not yet calculatedCVE-2020-3969
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.2020-06-25not yet calculatedCVE-2020-3970
CONFIRM
wmware -- esxi_and_workstation_and_fusionVMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.2020-06-25not yet calculatedCVE-2020-3965
CONFIRM
wmware -- esxi_and_workstation_and_fusion
 
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.2020-06-25not yet calculatedCVE-2020-3971
CONFIRM
wmware -- esxi_and_workstation_and_fusion
 
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.2020-06-25not yet calculatedCVE-2020-3963
CONFIRM
wmware -- esxi_and_workstation_and_fusion
 
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.2020-06-24not yet calculatedCVE-2020-3962
CONFIRM
wolfssl -- wolfsslThe private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."2020-06-25not yet calculatedCVE-2020-11735
CONFIRM
CONFIRM
wordpress -- wordpressThe SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.2020-06-24not yet calculatedCVE-2020-15038
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.2020-06-24not yet calculatedCVE-2020-13700
MISC
MISC
MISC
world_wide_web_consortium -- css_validator
 
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.2020-06-22not yet calculatedCVE-2020-4070
MISC
CONFIRM
xiaomi -- mi_jia_printer
 
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities.2020-06-24not yet calculatedCVE-2020-10561
CONFIRM
xiaomi -- r3600_rom_routerAn unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.2020-06-24not yet calculatedCVE-2020-11959
CONFIRM
xiaomi -- r3600_rom_router
 
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS2020-06-24not yet calculatedCVE-2020-11960
CONFIRM
xiaomi -- r3600_rom_router
 
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication2020-06-24not yet calculatedCVE-2020-11961
CONFIRM
xiaomi -- r3600_rom_router
 
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.2020-06-24not yet calculatedCVE-2020-14094
CONFIRM
xiaomi -- r3600_rom_router
 
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.2020-06-24not yet calculatedCVE-2020-14095
CONFIRM
zte -- u31r20_device
 
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T1152020-06-24not yet calculatedCVE-2020-6870
CONFIRM
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.2020-06-26not yet calculatedCVE-2020-15348
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.2020-06-26not yet calculatedCVE-2020-15336
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.2020-06-26not yet calculatedCVE-2020-15335
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.