Vulnerability Summary for the Week of June 29, 2020

Released
Jul 06, 2020
Document ID
SB20-188

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9566
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9564
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9562
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9569
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9568
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9565
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9567
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9563
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9559
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9560
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9556
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9555
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9554
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9561
CONFIRM
adobe -- character_animatorAdobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9586
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9589
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9590
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9620
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9621
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9573
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9574
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9572
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-269.3CVE-2020-9571
CONFIRM
adobe -- illustratorAdobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .2020-06-269.3CVE-2020-9570
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9585
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9576
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9582
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9583
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9580
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-2610CVE-2020-9631
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9578
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.2020-06-267.5CVE-2020-9630
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-2610CVE-2020-9632
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-267.5CVE-2020-9579
CONFIRM
draytek -- multiple_devicesOn DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.2020-06-307.5CVE-2020-15415
MISC
MISC
f5 -- big-ipIn BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.2020-07-0110CVE-2020-5902
MISC
mk-auth -- mk-authAn issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php.2020-06-297.5CVE-2020-14068
MISC
MISC
mk-auth -- mk-authAn issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts.2020-06-2910CVE-2020-14072
MISC
MISC
mk-auth -- mk-authAn issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access.2020-06-2910CVE-2020-14070
MISC
MISC
opensis -- opensisopenSIS through 7.4 allows SQL Injection.2020-07-017.5CVE-2020-13381
MISC
MISC
opensis -- opensisopenSIS before 7.4 allows SQL Injection.2020-07-017.5CVE-2020-13380
CONFIRM
MISC
prestashop -- prestashopIn PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.62020-07-027.5CVE-2020-15082
MISC
CONFIRM
prestashop -- prestashopIn PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.7.6.2020-07-0210CVE-2020-4074
MISC
CONFIRM
sqlite -- sqliteIn SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.2020-06-277.5CVE-2020-15358
MISC
MISC
MISC
stash -- stashStash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter.2020-06-267.5CVE-2020-15311
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.2020-06-297.5CVE-2020-15320
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.2020-06-297.5CVE-2020-15324
MISC
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- after_effectsAdobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .2020-06-264.3CVE-2020-3809
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9553
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9557
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9558
CONFIRM
adobe -- coldfusionColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.2020-06-264.3CVE-2020-3796
CONFIRM
adobe -- coldfusionColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).2020-06-264.3CVE-2020-3767
CONFIRM
adobe -- coldfusionColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.2020-06-264.4CVE-2020-3768
CONFIRM
adobe -- digital_editionsAdobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-3798
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-265CVE-2020-9627
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9622
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9624
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-265CVE-2020-9628
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9626
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-265CVE-2020-9625
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9629
CONFIRM
adobe -- dng_software_development_kitAdobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-265CVE-2020-9623
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.2020-06-265CVE-2020-9591
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.2020-06-266.5CVE-2020-9588
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .2020-06-264.3CVE-2020-9577
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-264.3CVE-2020-9581
CONFIRM
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.2020-06-265CVE-2020-9587
CONFIRM
adobe -- premiere_proAdobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9616
CONFIRM
adobe -- premiere_rushAdobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-06-264.3CVE-2020-9617
CONFIRM
apache -- tomcatA specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.2020-06-265CVE-2020-11996
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
cybozu -- garoonPath traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.2020-06-304CVE-2020-5581
MISC
MISC
cybozu -- garoonPath traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.2020-06-304CVE-2020-5588
MISC
MISC
docker -- docker_desktopcom.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.2020-06-274.6CVE-2020-15360
MISC
MISC
ibm -- api_connectIBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.2020-06-295CVE-2020-4452
XF
CONFIRM
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.2020-06-266.5CVE-2019-4650
XF
CONFIRM
ibm -- security_identity_manager_virtual_applianceIBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.2020-07-014CVE-2019-4705
XF
CONFIRM
ibm -- security_identity_manager_virtual_applianceIBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.2020-07-014CVE-2019-4706
XF
CONFIRM
ibm -- spectrum_protect_plusIBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.2020-06-264.3CVE-2020-4565
XF
CONFIRM
jiangmin -- jiangmin_antivirusIn Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440.2020-06-264.9CVE-2020-14955
MISC
mattermost -- mattermost_mobile_appAn issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.2020-06-265CVE-2020-13891
CONFIRM
mediaarea -- mediainfoIn MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).2020-06-306.8CVE-2020-15395
MISC
MISC
mk-auth -- mk-authIBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.2020-07-014.3CVE-2019-4704
XF
CONFIRM
mk-auth -- mk-authAn issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code.2020-06-294.3CVE-2020-14071
MISC
MISC
mk-auth -- mk-authAn issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php.2020-06-294.6CVE-2020-14069
MISC
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter.2020-06-264.3CVE-2020-15016
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.2020-06-264.3CVE-2020-15017
MISC
opensis -- opensisopenSIS through 7.4 allows Directory Traversal.2020-07-015CVE-2020-13383
MISC
MISC
opensis -- opensisopenSIS through 7.4 has Incorrect Access Control.2020-07-016.4CVE-2020-13382
MISC
MISC
prestashop -- prestashopIn PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.62020-07-024.3CVE-2020-15083
MISC
CONFIRM
prestashop -- prestashopIn PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.2020-07-025CVE-2020-15081
MISC
CONFIRM
wordpress -- wordpressThe Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.2020-06-284.3CVE-2020-15364
MISC
MISC
wordpress -- wordpressThe Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.2020-06-285CVE-2020-15363
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.2020-06-294.3CVE-2020-15319
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.2020-06-294.3CVE-2020-15314
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.2020-06-294.3CVE-2020-15313
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.2020-06-294.3CVE-2020-15312
MISC
MISC

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- magentoMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-263.5CVE-2020-9584
CONFIRM
adobe -- magentoForm Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header.2020-06-293.5CVE-2020-13423
MISC
MISC
MISC
atlassian -- jira_server_and_data_centerThe attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.2020-07-013.5CVE-2020-4024
MISC
avast -- avast_antivirusAn elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.2020-06-292.1CVE-2020-13657
CONFIRM
CONFIRM
cybozu -- garoonCross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.2020-06-303.5CVE-2020-5585
MISC
MISC
cybozu -- garoonCross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.2020-06-303.5CVE-2020-5586
MISC
MISC
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121.2020-06-263.5CVE-2020-4223
XF
CONFIRM
ibm -- security_identity_manager_virtual_applianceIBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.2020-07-012.1CVE-2019-4676
XF
CONFIRM
linux -- linux_kernelIn the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.2020-06-292.1CVE-2020-15393
MISC
MISC
openexr -- openexrAn issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.2020-06-262.1CVE-2020-15304
MISC
MISC
MISC
MISC
openexr -- openexrAn issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.2020-06-262.1CVE-2020-15305
MISC
MISC
MISC
MISC
openexr -- openexrAn issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.2020-06-262.1CVE-2020-15306
MISC
MISC
MISC
MISC
prestashop -- prestashopIn PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.7.6.2020-07-023.5CVE-2020-11074
MISC
CONFIRM

Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
mitsubishi_electric -- multiple_fa_engineering_software_productsUncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5603
MISC
MISC
activision -- call_of_duty_modern_warfare_2An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.2020-06-30not yet calculatedCVE-2019-20893
MISC
apache -- guacamoleApache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.2020-07-02not yet calculatedCVE-2020-9498
MLIST
MISC
apache -- guacamoleApache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.2020-07-02not yet calculatedCVE-2020-9497
MLIST
MLIST
MLIST
MISC
asrock -- rgb_driverAsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.2020-06-29not yet calculatedCVE-2020-15368
MISC
atlassian -- confluence_server_and_data_centerAtlassian Confluence Server and Data Center before version 7.5.1 allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros.2020-07-01not yet calculatedCVE-2020-4027
MISC
atlassian -- jiraThe /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.2020-07-01not yet calculatedCVE-2019-20408
MISC
atlassian -- jira_desk_server_and_data_centerThe /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.2020-07-01not yet calculatedCVE-2020-14166
MISC
atlassian -- jira_server_and_data_centerThe /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.2020-07-01not yet calculatedCVE-2020-4029
MISC
atlassian -- jira_server_and_data_centerThe file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.2020-07-03not yet calculatedCVE-2020-14173
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.2020-06-29not yet calculatedCVE-2019-20413
N/A
atlassian -- jira_server_and_data_centerThe attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.2020-07-01not yet calculatedCVE-2020-4025
MISC
atlassian -- jira_server_and_data_centerThe quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability2020-07-01not yet calculatedCVE-2020-14169
MISC
atlassian -- jira_server_and_data_centerThe MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.2020-07-01not yet calculatedCVE-2020-14167
MISC
atlassian -- jira_server_and_data_centerThe attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.2020-07-01not yet calculatedCVE-2020-4022
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1.2020-07-03not yet calculatedCVE-2020-14172
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate internal services via an Information Disclosure vulnerability. The vulnerability is only exploitable if WebSudo is disabled in Jira. The affected versions are before version 8.4.2.2020-07-02not yet calculatedCVE-2019-20417
MISC
atlassian -- jira_server_and_data_centerThe email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.2020-07-01not yet calculatedCVE-2020-14168
MISC
atlassian -- jira_server_and_data_centerThe Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.2020-06-29not yet calculatedCVE-2019-20412
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.2020-06-30not yet calculatedCVE-2019-20416
N/A
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.2020-07-03not yet calculatedCVE-2019-20419
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.2020-07-03not yet calculatedCVE-2019-20418
N/A
atlassian -- jira_server_and_data_centerAtlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.2020-06-30not yet calculatedCVE-2019-20415
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.2020-06-29not yet calculatedCVE-2019-20414
MISC
atlassian -- jira_server_and_data_centerThe WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.2020-07-01not yet calculatedCVE-2020-14164
MISC
atlassian -- jira_server_and_data_centerThe UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.2020-07-01not yet calculatedCVE-2020-14165
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.2020-06-29not yet calculatedCVE-2019-20411
MISC
atlassian -- jira_server_and_data_centerAffected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.2020-06-29not yet calculatedCVE-2019-20410
MISC
baxter -- exactamix_em2400_and_em1200_devicesBaxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.2020-06-29not yet calculatedCVE-2020-12020
MISC
baxter -- exactamix_em2400_and_em1200_devicesBaxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.2020-06-29not yet calculatedCVE-2020-12035
MISC
baxter -- exactamix_em2400_and_em1200_devicesBaxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.2020-06-29not yet calculatedCVE-2020-12032
MISC
baxter -- exactamix_em2400_and_em1200_devicesBaxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.2020-06-29not yet calculatedCVE-2020-12024
MISC
baxter -- exactamix_em_2400_and_em1200_devicesBaxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.2020-06-29not yet calculatedCVE-2020-12008
MISC
baxter -- multiple_exactamix_devicesBaxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.2020-06-29not yet calculatedCVE-2020-12012
MISC
baxter -- multiple_exactamix_devicesBaxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.2020-06-29not yet calculatedCVE-2020-12016
MISC
baxter -- multiple_sigma_spectrum_with_wireless_batteryThe Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials.2020-06-29not yet calculatedCVE-2020-12045
MISC
baxter -- multiple_sigma_spectrum_with_wireless_batteryThe Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot.2020-06-29not yet calculatedCVE-2020-12041
MISC
baxter -- multiple_sigma_spectrum_with_wireless_batteryThe Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted.2020-06-29not yet calculatedCVE-2020-12043
MISC
baxter -- multiple_sigma_spectrum_with_wireless_batteryThe Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.2020-06-29not yet calculatedCVE-2020-12047
MISC
baxter -- phoenix_hemodialysis_delivery_systemPhoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.2020-06-29not yet calculatedCVE-2020-12048
MISC
baxter -- prismaflex_devicesBaxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.2020-06-29not yet calculatedCVE-2020-12036
MISC
baxter -- prismaflex_devicesBaxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.2020-06-29not yet calculatedCVE-2020-12037
MISC

baxter -- sigma_spectrum_infusion_pumps_35700bax_and_35700bax2

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed.2020-06-29not yet calculatedCVE-2020-12039
MISC

baxter -- sigma_spectrum_infusion_pumps_35700bax_and_35700bax2

Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.2020-06-29not yet calculatedCVE-2020-12040
MISC
bcrypt -- bcryptData is truncated wrong when its length is greater than 255 bytes.2020-07-01not yet calculatedCVE-2020-7689
MISC
MISC
MISC
MISC
best_it_world -- wrb303n_devicesiBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses.2020-06-29not yet calculatedCVE-2020-15043
MISC
MISC
biotronik -- cardiomessengeriiBIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.2020-06-29not yet calculatedCVE-2019-18248
MISC
biotronik -- cardiomessengeriiBIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.2020-06-29not yet calculatedCVE-2019-18252
MISC
biotronik -- cardiomessengeriiBIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.2020-06-29not yet calculatedCVE-2019-18254
MISC
biotronik -- cardiomessengeriiBIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.2020-06-29not yet calculatedCVE-2019-18256
MISC
biotronik -- cardiomessengerii_BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure.2020-06-29not yet calculatedCVE-2019-18246
MISC
broadcom -- brocade_network_advisorA vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.2020-06-29not yet calculatedCVE-2018-6446
MISC
cabsoftware -- reportexpress_proplusReportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).2020-06-29not yet calculatedCVE-2019-19160
MISC
MISC
cake_software_foundation -- cakephpCakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.2020-06-30not yet calculatedCVE-2020-15400
MISC
cellebrite -- ufedThe Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.2020-06-30not yet calculatedCVE-2020-14474
MISC
MISC
MISC
cisco -- digital_network_architecture_centerA vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.2020-07-02not yet calculatedCVE-2020-3391
CISCO
cisco -- identity_services_engineMultiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.2020-07-02not yet calculatedCVE-2020-3340
CISCO
cisco -- multiple_productsA vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2020-07-02not yet calculatedCVE-2020-3282
CISCO
cisco -- small_business_smart_and_managed_switchesA vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.2020-07-02not yet calculatedCVE-2020-3297
CISCO
cisco -- unified_customer_voice_portalA vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.2020-07-02not yet calculatedCVE-2020-3402
CISCO
commax -- cdp_1020mb_wallpadA Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.2020-06-30not yet calculatedCVE-2019-19163
MISC
MISC
containous -- traefikTraefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.2020-07-02not yet calculatedCVE-2019-20894
MISC
coturn -- coturnIn coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.2020-06-29not yet calculatedCVE-2020-4067
MISC
MISC
CONFIRM
MLIST
DEBIAN
cybozu -- garoonCybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5587
MISC
MISC
cybozu -- garoonCybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5584
MISC
MISC
cybozu -- garoonCybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5583
MISC
MISC
cybozu -- garoonCybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5582
MISC
MISC
cybozu -- garoonCybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5580
MISC
MISC
delta_electronics -- delta_industrial_automation_dopsoftDelta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.2020-06-30not yet calculatedCVE-2020-14482
MISC
donjon -- ledger_liveLedger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent.2020-07-02not yet calculatedCVE-2020-12119
CONFIRM
envoy -- envoyEnvoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.2020-07-01not yet calculatedCVE-2020-8663
CONFIRM
MISC
envoy_proxy -- envoyEnvoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.2020-07-01not yet calculatedCVE-2020-12605
CONFIRM
MISC
envoy_proxy -- envoyEnvoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.2020-07-01not yet calculatedCVE-2020-12603
CONFIRM
MISC
envoy_proxy -- envoyEnvoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.2020-07-01not yet calculatedCVE-2020-12604
MISC
CONFIRM
express-jwt -- express-jwtIn express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.2020-06-30not yet calculatedCVE-2020-15084
MISC
CONFIRM
f5 -- big-ipIn BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.2020-07-01not yet calculatedCVE-2020-5904
MISC
f5 -- big-ipIn versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.2020-07-01not yet calculatedCVE-2020-5908
MISC
f5 -- big-ipIn version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.2020-07-01not yet calculatedCVE-2020-5905
MISC
f5 -- big-ipIn BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.2020-07-01not yet calculatedCVE-2020-5903
MISC
f5 -- big-ipIn BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.2020-07-01not yet calculatedCVE-2020-5907
MISC
f5 -- big-ipIn versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.2020-07-01not yet calculatedCVE-2020-5906
MISC
factorfx -- ocs_inventoryOCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.2020-06-30not yet calculatedCVE-2020-14947
MISC
MISC
MISC
MISC
ffjpeg -- ffjpegffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.2020-07-01not yet calculatedCVE-2020-15470
MISC
github -- githubThe table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.2020-07-01not yet calculatedCVE-2020-5238
MISC
CONFIRM
hcl -- domino"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."2020-07-01not yet calculatedCVE-2017-1712
MISC
hcl -- inotes"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."2020-07-01not yet calculatedCVE-2017-1659
MISC
hcl -- notesHCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.2020-06-26not yet calculatedCVE-2020-4089
CONFIRM
human_talk -- daview_indy_and_dava+_and_daoffice_softwaresA vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device.2020-06-30not yet calculatedCVE-2020-7816
CONFIRM
ibm -- business_automation_workflowIBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.2020-06-29not yet calculatedCVE-2020-4557
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.2020-07-01not yet calculatedCVE-2020-4386
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.2020-07-01not yet calculatedCVE-2020-4414
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076.2020-07-01not yet calculatedCVE-2020-4420
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.2020-07-01not yet calculatedCVE-2020-4387
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.2020-07-01not yet calculatedCVE-2020-4355
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windowsIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.2020-07-01not yet calculatedCVE-2020-4363
XF
CONFIRM

ibm -- mq_and_mq_appliance_and_mq_for_hpe_nonstop

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.2020-07-01not yet calculatedCVE-2020-4376
XF
CONFIRM
ifax_solutions -- hylafax+_and_hylafax_enterpriseIn HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.2020-06-30not yet calculatedCVE-2020-15396
MISC
MISC
ifax_solutions -- hylafax+_and_hylafax_enterpriseHylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).2020-06-30not yet calculatedCVE-2020-15397
MISC
MISC
iobit -- malware_fighter_proIOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.2020-06-30not yet calculatedCVE-2020-15401
MISC
jenkins -- jenkinsJenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability.2020-07-02not yet calculatedCVE-2020-2219
MLIST
CONFIRM
jenkins -- jenkinsJenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.2020-07-02not yet calculatedCVE-2020-2201
MLIST
CONFIRM
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.2020-07-02not yet calculatedCVE-2020-2215
MLIST
CONFIRM
jenkins -- jenkinsA missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.2020-07-02not yet calculatedCVE-2020-2216
MLIST
CONFIRM
jenkins -- jenkinsJenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.2020-07-02not yet calculatedCVE-2020-2217
MLIST
CONFIRM
jenkins -- jenkinsJenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.2020-07-02not yet calculatedCVE-2020-2209
MLIST
CONFIRM
jenkins -- jenkinsJenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.2020-07-02not yet calculatedCVE-2020-2208
MLIST
CONFIRM
jenkins -- jenkinsA missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.2020-07-02not yet calculatedCVE-2020-2202
MLIST
CONFIRM
jenkins -- jenkinsJenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.2020-07-02not yet calculatedCVE-2020-2218
MLIST
CONFIRM
jenkins -- jenkinsJenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.2020-07-02not yet calculatedCVE-2020-2210
MLIST
CONFIRM
jenkins -- jenkinsJenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.2020-07-02not yet calculatedCVE-2020-2205
MLIST
CONFIRM
jenkins -- jenkinsJenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.2020-07-02not yet calculatedCVE-2020-2212
MLIST
CONFIRM
jenkins -- jenkinsJenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.2020-07-02not yet calculatedCVE-2020-2214
MLIST
CONFIRM
jenkins -- jenkinsJenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system.2020-07-02not yet calculatedCVE-2020-2213
MLIST
CONFIRM
jenkins -- jenkinsJenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.2020-07-02not yet calculatedCVE-2020-2211
MLIST
CONFIRM
jenkins -- jenkinsJenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.2020-07-02not yet calculatedCVE-2020-2207
MLIST
CONFIRM
jenkins -- jenkinsJenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.2020-07-02not yet calculatedCVE-2020-2206
MLIST
CONFIRM
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.2020-07-02not yet calculatedCVE-2020-2203
MLIST
CONFIRM
jenkins -- jenkinsA missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.2020-07-02not yet calculatedCVE-2020-2204
MLIST
CONFIRM
journal -- journalThe Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.2020-07-01not yet calculatedCVE-2020-15478
MISC
MISC
MISC
klokan_technologies -- tileserver_glAn issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.2020-07-01not yet calculatedCVE-2020-15500
MISC
koa-shopify-auth -- koa-shopify-authA cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.2020-07-02not yet calculatedCVE-2020-8176
MISC
MISC
lead_technologies -- leadtoolsAn exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.2020-07-01not yet calculatedCVE-2020-6089
MISC
libraw -- librawLibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.2020-06-28not yet calculatedCVE-2020-15365
MISC
MISC
libraw -- librawLibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.2020-07-02not yet calculatedCVE-2020-15503
MISC
MISC
MISC
libvncserver -- libvncserverIt was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.2020-06-30not yet calculatedCVE-2017-18922
MLIST
MISC
MISC
MISC
linkplay_technology -- multiple_devicesAn issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.2020-07-01not yet calculatedCVE-2019-15310
MISC
MISC
MISC
locutus -- locutusphp/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.2020-07-01not yet calculatedCVE-2020-13619
MISC
MISC
MISC
magento -- magentoXSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field.2020-06-29not yet calculatedCVE-2020-12635
MISC
MISC
maipu -- mp_1800x_50_devicesThe web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653.2020-06-29not yet calculatedCVE-2020-13896
MISC
mavlink -- micro_air_vehicle_link_protocolThis vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.2020-07-03not yet calculatedCVE-2020-10281
CONFIRM
mavlink -- micro_air_vehicle_link_protocolThe Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.2020-07-03not yet calculatedCVE-2020-10282
CONFIRM
mcafee -- network_security_managementExposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).2020-07-03not yet calculatedCVE-2020-7284
MISC
mcafee -- total_protectionPrivilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.2020-07-03not yet calculatedCVE-2020-7281
CONFIRM
mcafee -- total_protectionPrivilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.2020-07-03not yet calculatedCVE-2020-7282
CONFIRM
mcafee -- total_protectionPrivilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.2020-07-03not yet calculatedCVE-2020-7283
CONFIRM
mirumee -- saleor_storefrontIn Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.2020-06-30not yet calculatedCVE-2020-15085
MISC
MISC
CONFIRM
misp -- mispAn issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.2020-06-30not yet calculatedCVE-2020-15412
MISC
misp -- mispAn issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.2020-06-30not yet calculatedCVE-2020-15411
MISC
mitsubishi_electric -- multiple_fa_engineering_software_productsMitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5602
MISC
MISC
monsta -- monsta_ftpMonsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.2020-07-01not yet calculatedCVE-2020-14057
MISC
MISC
monsta -- monsta_ftpMonsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.2020-07-01not yet calculatedCVE-2020-14056
MISC
MISC
monsta -- monsta_ftpMonsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.2020-07-01not yet calculatedCVE-2020-14055
MISC
MISC
mversion -- mversionThe issue occurs because tagName user input is formatted inside the exec function is executed without any checks.2020-07-01not yet calculatedCVE-2020-7688
MISC
MISC
MISC
national_tax_agency -- e-taxChrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.2020-06-30not yet calculatedCVE-2020-5601
MISC
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)2020-06-29not yet calculatedCVE-2020-14412
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)2020-06-29not yet calculatedCVE-2020-14414
MISC
nedi_consulting -- nediNeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.2020-06-29not yet calculatedCVE-2020-14413
MISC
netapp -- hci_h610s_baseboard_management_controllerThe NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 the H610S BMC account password is reset to the default documented value which allows remote attackers to cause a Denial of Service (DoS).2020-06-29not yet calculatedCVE-2020-8573
MISC
nextcloud -- nextcloud_deckImproper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.2020-07-02not yet calculatedCVE-2020-8179
MISC
MISC
nginx -- nginxIn NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.2020-07-01not yet calculatedCVE-2020-5899
MISC
nginx -- nginxIn versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.2020-07-01not yet calculatedCVE-2020-5900
MISC
nginx -- nginxIn NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.2020-07-01not yet calculatedCVE-2020-5901
MISC
nginx -- nginxIn versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.2020-07-02not yet calculatedCVE-2020-5909
MISC
nginx -- nginxIn versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.2020-07-02not yet calculatedCVE-2020-5910
MISC
nginx -- nginxIn versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.2020-07-02not yet calculatedCVE-2020-5911
MISC
nozomi_networks -- guardianNozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.2020-06-30not yet calculatedCVE-2020-15307
MISC
nozomi_networks -- guardian_osNozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.2020-06-30not yet calculatedCVE-2020-7049
MISC
ntop -- ndpiIn nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.2020-07-01not yet calculatedCVE-2020-15476
MISC
MISC
ntop -- ndpiIn nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.2020-07-01not yet calculatedCVE-2020-15471
MISC
ntop -- ndpiIn nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.2020-07-01not yet calculatedCVE-2020-15475
MISC
ntop -- ndpiIn nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.2020-07-01not yet calculatedCVE-2020-15474
MISC
ntop -- ndpiIn nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.2020-07-01not yet calculatedCVE-2020-15473
MISC
ntop -- ndpiIn nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.2020-07-01not yet calculatedCVE-2020-15472
MISC
nvidia -- virtual_gpu_managerNVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).2020-06-30not yet calculatedCVE-2020-5968
CONFIRM
nvidia -- virtual_gpu_managerNVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).2020-06-30not yet calculatedCVE-2020-5970
CONFIRM
nvidia -- virtual_gpu_managerNVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).2020-06-30not yet calculatedCVE-2020-5969
CONFIRM
nvidia -- virtual_gpu_managerNVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).2020-06-30not yet calculatedCVE-2020-5972
CONFIRM
nvidia -- virtual_gpu_managerNVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).2020-06-30not yet calculatedCVE-2020-5971
CONFIRM
nvidia -- virtual_gpu_managerNVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).2020-06-30not yet calculatedCVE-2020-5973
CONFIRM
UBUNTU
UBUNTU
oauth2_proxy -- oauth2_proxyIn OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0.2020-06-29not yet calculatedCVE-2020-4037
MISC
CONFIRM
objective_development_software -- little_snitchLittle Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.2020-06-30not yet calculatedCVE-2020-13095
MISC
october -- october_cmsIn October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.2020-07-02not yet calculatedCVE-2020-4061
MISC
CONFIRM
MISC
openbsd -- opensshThe client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).2020-06-29not yet calculatedCVE-2020-14145
MISC
MISC
openjpeg -- openjpegjp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.2020-06-29not yet calculatedCVE-2020-15389
MISC
MISC
palo_alto_networks -- pan-osWhen Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.2020-06-29not yet calculatedCVE-2020-2021
CONFIRM

persian_vip_download_script -- persian_vip_download_script

Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.2020-07-01not yet calculatedCVE-2020-15468
MISC
phoenix_contact -- pc_worx_and_pc_worx_expressmwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.2020-07-01not yet calculatedCVE-2020-12498
CONFIRM
phoenix_contact -- pc_worx_and_pc_worx_expressPLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.2020-07-01not yet calculatedCVE-2020-12497
CONFIRM
powerdns -- recursorIn PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.2020-07-01not yet calculatedCVE-2020-14196
CONFIRM
CONFIRM
prestashop -- prestashopIn PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.2020-07-02not yet calculatedCVE-2020-15080
MISC
CONFIRM
prestashop -- prestashopIn PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.62020-07-02not yet calculatedCVE-2020-15079
MISC
CONFIRM
presto -- prestoIn Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.2020-06-30not yet calculatedCVE-2020-15087
CONFIRM
MISC
putty -- puttyPuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).2020-06-29not yet calculatedCVE-2020-14002
MISC
MISC
MISC
python -- pythonIn Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.2020-07-04not yet calculatedCVE-2020-15523
MISC
MISC
qemu -- qemuIn QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.2020-07-02not yet calculatedCVE-2020-15469
CONFIRM
MISC
qnap -- kayako_serviceThis improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.2020-07-01not yet calculatedCVE-2020-2500
CONFIRM
rack -- rackA directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.2020-07-02not yet calculatedCVE-2020-8161
MISC
MISC
red_hat -- ceph_storage_radosgwA flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.2020-06-26not yet calculatedCVE-2020-10753
SUSE
CONFIRM
FEDORA
ruby_on_rails -- ruby_on_railsThe is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.2020-07-02not yet calculatedCVE-2020-8163
MISC
MISC
ruby_on_rails -- ruby_on_railsA denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.2020-07-02not yet calculatedCVE-2020-8185
MISC
MISC
ruby_on_rails -- ruby_on_railsA CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.2020-07-02not yet calculatedCVE-2020-8166
MISC
MISC
sap -- solution_managerSAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.2020-07-01not yet calculatedCVE-2020-6261
MISC
MISC
sophos -- xg_firewallSophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.2020-06-29not yet calculatedCVE-2020-15069
CONFIRM
squid -- squidAn issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.2020-06-30not yet calculatedCVE-2020-14058
CONFIRM
MISC
MISC
squid -- squidAn issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.2020-06-30not yet calculatedCVE-2020-14059
CONFIRM
MISC
squid -- squidAn issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.2020-06-30not yet calculatedCVE-2020-15049
MISC
MISC
CONFIRM
suse -- multiple_productsA UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.2020-06-29not yet calculatedCVE-2020-8014
CONFIRM
suse -- multiple_productsA UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.2020-06-29not yet calculatedCVE-2020-8019
CONFIRM
suse -- multiple_productsA Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.2020-06-29not yet calculatedCVE-2020-8022
SUSE
CONFIRM
suse -- multiple_productsA Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.2020-06-29not yet calculatedCVE-2020-8024
CONFIRM
suse -- multiple_productsA External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .2020-06-29not yet calculatedCVE-2019-3681
CONFIRM
synacor -- zimbra_collaboration_suiteAn XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.2020-07-02not yet calculatedCVE-2020-13653
MISC
CONFIRM
MISC
MISC
tendermint -- tendermintTenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit.2020-07-02not yet calculatedCVE-2020-15091
MISC
MISC
CONFIRM
thingsdk -- wifi_scannerwifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.2020-06-29not yet calculatedCVE-2020-15362
MISC
tibco_software -- multiple_productsThe MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.2020-06-30not yet calculatedCVE-2020-9413
CONFIRM
tibco_software -- multiple_productsThe MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.2020-06-30not yet calculatedCVE-2020-9414
CONFIRM
tobesoft -- cymiinstaller322CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.2020-06-30not yet calculatedCVE-2019-19161
MISC
MISC
tobesoft -- nexacro14/17_excommonapiv13Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC2020-07-02not yet calculatedCVE-2020-7820
CONFIRM
CONFIRM
tobesoft -- nexacro14/17_excommonapiv13Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC2020-07-02not yet calculatedCVE-2020-7821
CONFIRM
CONFIRM
unifi -- protectWe have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.2020-07-02not yet calculatedCVE-2020-8188
MISC
MISC
MISC
veeam_software -- veeam_availability_suiteVeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.2020-07-03not yet calculatedCVE-2020-15518
MISC
wavlink -- wl-wn530hg4_devicesAn issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.2020-07-01not yet calculatedCVE-2020-15489
MISC
wavlink -- wl-wn530hg4_devicesAn issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)2020-07-01not yet calculatedCVE-2020-15490
MISC
windows_cleaning_assistant -- windows_cleaning_assistantIn Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD.2020-06-30not yet calculatedCVE-2020-14957
MISC
MISC
windows_cleaning_assistant -- windows_cleaning_assistantIn Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA.2020-06-30not yet calculatedCVE-2020-14956
MISC
MISC
wordpress -- wordpressThe CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.2020-07-02not yet calculatedCVE-2020-14092
MISC
MISC
MISC
xrdp-sesman -- xrdp-sesmanThe xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.2020-06-30not yet calculatedCVE-2020-4044
MISC
MISC
CONFIRM
zolo -- halo_devicesAn issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet.2020-07-01not yet calculatedCVE-2019-15312
MISC
MISC
MISC
zolo -- halo_devicesAn issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities.2020-07-01not yet calculatedCVE-2019-15311
MISC
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.2020-06-29not yet calculatedCVE-2020-15315
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.2020-06-29not yet calculatedCVE-2020-15323
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.2020-06-29not yet calculatedCVE-2020-15318
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.2020-06-29not yet calculatedCVE-2020-15316
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.2020-06-29not yet calculatedCVE-2020-15317
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.2020-06-29not yet calculatedCVE-2020-15321
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.2020-06-29not yet calculatedCVE-2020-15322
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.