Bulletin (SB20-195)

Vulnerability Summary for the Week of July 6, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
atlassian -- jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1. 2020-07-03 7.5 CVE-2020-14172
MISC
gog -- galaxy_client
 
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks. 2020-07-05 9.3 CVE-2020-15529
MISC
gog -- galaxy_client
 
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks. 2020-07-05 9.3 CVE-2020-15528
MISC
google -- android
 
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020). 2020-07-07 7.1 CVE-2020-15584
CONFIRM
mobileiron -- core_and_connector
 
An Authentication Bypass vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to bypass authentication mechanisms via unspecified vectors. 2020-07-07 7.5 CVE-2020-15506
MISC
mobileiron -- core_and_connector
 
A remote code execution vulnerability in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. 2020-07-07 7.5 CVE-2020-15505
MISC
mozilla -- firefox
 
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. 2020-07-09 7.6 CVE-2020-12422
MISC
MISC
mozilla -- firefox
 
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77. 2020-07-09 9.3 CVE-2020-12411
MISC
MISC
mozilla -- firefox
 
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. 2020-07-09 9.3 CVE-2020-12416
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 9.3 CVE-2020-12406
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 9.3 CVE-2020-12410
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 9.3 CVE-2020-12420
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 9.3 CVE-2020-12419
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 9.3 CVE-2020-12417
MISC
MISC
MISC
MISC
phpzag -- phpzag
 
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql 2020-07-07 7.5 CVE-2020-8519
MLIST
MISC
MISC
phpzag -- phpzag
 
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql 2020-07-07 7.5 CVE-2020-8520
MLIST
MISC
MISC
phpzag -- phpzag
 
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql 2020-07-07 7.5 CVE-2020-8521
MLIST
MISC
MISC
solarwinds -- serv-u_ftp_server SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. 2020-07-05 7.5 CVE-2020-15541
MISC
we-com -- opendata_cms
 
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. 2020-07-05 7.5 CVE-2020-15540
MISC
MISC
webchess -- webchess
 
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. 2020-07-07 7.5 CVE-2019-20896
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-06 6.8 CVE-2019-8249
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-06 6.8 CVE-2019-8250
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. 2020-07-06 4.3 CVE-2019-8251
CONFIRM
atlassian -- jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. 2020-07-03 4.4 CVE-2019-20419
MISC
atlassian -- jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. 2020-07-03 4 CVE-2019-20418
N/A
electron -- electron
 
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. 2020-07-07 4 CVE-2020-15096
CONFIRM
MISC
huawei -- hisuite
 
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. 2020-07-06 4.4 CVE-2020-9100
MISC
huawei -- mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution. 2020-07-06 6.8 CVE-2020-9262
MISC
huawei -- mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution. 2020-07-06 6.8 CVE-2020-9261
MISC
huawei -- p30_smartphones
 
HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device. 2020-07-06 4.3 CVE-2020-9226
MISC
milkytracker -- playergeneric
 
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. 2020-07-06 4.3 CVE-2020-15569
MISC
mobileiron -- core_and_connector
 
An arbitrary file reading vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to read files on the system via unspecified vectors. 2020-07-07 5 CVE-2020-15507
MISC
mods_for_hesk -- mods_for_hesk An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. 2020-07-09 4.3 CVE-2020-13992
MISC
mozilla -- firefox
 
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12424
MISC
MISC
mozilla -- firefox
 
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12415
MISC
MISC
mozilla -- firefox
 
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12425
MISC
MISC
mozilla -- firefox
 
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. 2020-07-09 4.3 CVE-2020-12412
MISC
MISC
mozilla -- firefox
 
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. 2020-07-09 6.8 CVE-2020-12409
MISC
MISC
mozilla -- firefox
 
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12402
MISC
MISC
mozilla -- firefox
 
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. 2020-07-09 4.3 CVE-2020-12408
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 4.3 CVE-2020-12418
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. 2020-07-09 6.8 CVE-2018-12371
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 4.3 CVE-2020-12421
MISC
MISC
MISC
MISC

mozilla -- firefox_and_firefox_esr_and_thunderbird

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 4.3 CVE-2020-12399
MISC
MISC
MISC
MISC
mozilla -- firefox_for_ios
 
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26. 2020-07-09 4.3 CVE-2020-12404
MISC
MISC
mozilla -- firefox_for_ios
 
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. 2020-07-09 4.3 CVE-2020-12414
MISC
MISC
parallax -- jspdf
 
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex. 2020-07-06 4.3 CVE-2020-7691
MISC
MISC
MISC
MISC
MISC
phplist -- phplist
 
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. 2020-07-08 6.5 CVE-2020-15072
MISC
CONFIRM
CONFIRM
samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020). 2020-07-07 4.3 CVE-2020-15582
CONFIRM
samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020). 2020-07-07 5 CVE-2020-15579
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). 2020-07-07 5 CVE-2020-15581
CONFIRM
victor_cms -- victor_cms
 
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. 2020-07-07 4.3 CVE-2020-15599
CONFIRM
whoopsie -- whoopsie
 
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. 2020-07-06 4.3 CVE-2020-15570
MISC
MISC
MISC
MISC
wireshark -- wireshark
 
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. 2020-07-05 5 CVE-2020-15466
MISC
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. 2020-07-05 4.3 CVE-2020-15535
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. 2020-07-05 4.3 CVE-2020-15537
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
atlassian -- jira_server_and_data_center
 
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. 2020-07-03 3.5 CVE-2020-14173
MISC
huawei -- mate_30_pro_smartphones
 
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential. 2020-07-06 1.9 CVE-2020-1838
MISC
huawei -- mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution. 2020-07-06 3.7 CVE-2020-1839
MISC
huawei -- p30_smartphones
 
HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. 2020-07-06 2.9 CVE-2020-1836
MISC
mozilla -- firefox
 
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77. 2020-07-09 2.6 CVE-2020-12407
MISC
MISC
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 2.6 CVE-2020-12405
MISC
MISC
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. 2020-07-07 3.5 CVE-2020-15034
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. 2020-07-07 3.5 CVE-2020-15035
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. 2020-07-07 3.5 CVE-2020-15032
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. 2020-07-07 3.5 CVE-2020-15033
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. 2020-07-07 3.5 CVE-2020-15030
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. 2020-07-07 3.5 CVE-2020-15031
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. 2020-07-07 3.5 CVE-2020-15029
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. 2020-07-07 3.5 CVE-2020-15028
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. 2020-07-07 3.5 CVE-2020-15036
MISC
MISC
nedi_consulting -- nedi
 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. 2020-07-07 3.5 CVE-2020-15037
MISC
MISC
phplist -- phplist
 
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. 2020-07-08 3.5 CVE-2020-15073
MISC
CONFIRM
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020). 2020-07-07 2.1 CVE-2020-15583
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020). 2020-07-07 2.1 CVE-2020-15577
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). 2020-07-07 2.1 CVE-2020-15578
CONFIRM
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020). 2020-07-07 2.1 CVE-2020-15580
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-06 not yet calculated CVE-2019-8066
CONFIRM
adobe -- acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. 2020-07-06 not yet calculated CVE-2019-8252
CONFIRM
amazon_web_services -- tough
 
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation. 2020-07-09 not yet calculated CVE-2020-15093
MISC
CONFIRM
MISC
MISC
apache -- camel
 
Server-Side Template Injection and arbitrary file disclosure on Camel templating components 2020-07-08 not yet calculated CVE-2020-11994
MISC

atlassian -- bitbucket_server

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. 2020-07-09 not yet calculated CVE-2020-14171
MISC
atlassian -- bitbucket_server
 
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. 2020-07-09 not yet calculated CVE-2020-14170
MISC
bareos -- bareos
 
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10. 2020-07-10 not yet calculated CVE-2020-11061
MISC
CONFIRM
bareos -- bareos
 
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8. 2020-07-10 not yet calculated CVE-2020-4042
MISC
CONFIRM
boiteasite -- cmsuno
 
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. 2020-07-07 not yet calculated CVE-2020-15600
CONFIRM
checkpoint -- zonealarm_firewall_and_antivirus ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. 2020-07-06 not yet calculated CVE-2020-6013
MISC
citrix -- application_delivery_controller_and_gateway Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. 2020-07-10 not yet calculated CVE-2020-8197
MISC
citrix -- application_delivery_controller_and_gateway Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. 2020-07-10 not yet calculated CVE-2020-8190
MISC
citrix -- application_delivery_controller_and_gateway
 
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. 2020-07-10 not yet calculated CVE-2020-8187
MISC
citrix -- application_delivery_controller_and_gateway_and_sdwan_wan-op Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. 2020-07-10 not yet calculated CVE-2020-8194
MISC
citrix -- application_delivery_controller_and_gateway_and_sdwan_wan-op Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. 2020-07-10 not yet calculated CVE-2020-8195
MISC
citrix -- application_delivery_controller_and_gateway_and_sdwan_wan-op Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. 2020-07-10 not yet calculated CVE-2020-8196
MISC
citrix -- application_delivery_controller_and_gateway_and_sdwan_wan-op Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. 2020-07-10 not yet calculated CVE-2020-8193
MISC
citrix -- application_delivery_controller_and_gateway_and_sdwan_wan-op Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). 2020-07-10 not yet calculated CVE-2020-8198
MISC
citrix -- application_delivery_controller_and_gateway_and_sdwan_wan-op
 
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). 2020-07-10 not yet calculated CVE-2020-8191
MISC
citrix -- gateway_plug-in_for_linux Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. 2020-07-10 not yet calculated CVE-2020-8199
MISC
code42_software -- code42
 
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection. 2020-07-07 not yet calculated CVE-2020-12736
CONFIRM
MISC
d-link -- dr-610_devices ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-07-09 not yet calculated CVE-2020-9377
MISC
CONFIRM
MISC
d-link -- dr-610_devices
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-07-09 not yet calculated CVE-2020-9376
MISC
CONFIRM
MISC
dell -- emc_data_protection_advisor
 
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. 2020-07-06 not yet calculated CVE-2020-5352
MISC
dell -- emc_idrac9
 
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files. 2020-07-09 not yet calculated CVE-2020-5366
MISC
dell -- emc_isilon_onefs_and_emc_powerscale
 
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. 2020-07-06 not yet calculated CVE-2020-5371
MISC
dell -- emc_powerstore
 
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. 2020-07-06 not yet calculated CVE-2020-5372
MISC
dell -- emc_vxrail Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. 2020-07-06 not yet calculated CVE-2020-5368
MISC

dell -- powerprotect_data_manager_and_powerprotect_x400

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. 2020-07-06 not yet calculated CVE-2020-5356
MISC
devcert -- devcert
 
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. 2020-07-10 not yet calculated CVE-2020-8186
MISC
django-two-factor-auth --
django-two-factor-auth
 
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading. 2020-07-10 not yet calculated CVE-2020-15105
MISC
MISC
CONFIRM
eclipse -- jetty
 
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). 2020-07-09 not yet calculated CVE-2019-17638
CONFIRM
electron -- electron
 
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. 2020-07-07 not yet calculated CVE-2020-4077
CONFIRM
MISC
electron -- electron
 
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. 2020-07-07 not yet calculated CVE-2020-4076
CONFIRM
MISC
electron -- electron
 
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. 2020-07-07 not yet calculated CVE-2020-4075
CONFIRM
MISC
freebsd -- freebsd In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. 2020-07-09 not yet calculated CVE-2020-7458
MISC
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution. 2020-07-09 not yet calculated CVE-2020-7457
MISC
geovision -- door_access_control_device Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. 2020-07-08 not yet calculated CVE-2020-3931
CONFIRM
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. 2020-07-07 not yet calculated CVE-2020-15525
CONFIRM
MISC
MISC
google -- openthread_wpantund
 
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments. 2020-07-07 not yet calculated CVE-2020-8916
CONFIRM
google-oauth-client -- google-oauth-client PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. 2020-07-09 not yet calculated CVE-2020-7692
MISC
MISC
MISC
MISC
MISC
gossipsub -- gossipsub
 
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. 2020-07-07 not yet calculated CVE-2020-12821
MISC
CONFIRM
CONFIRM
MISC
MISC
hcl -- appscan_enterprise "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." 2020-07-07 not yet calculated CVE-2019-4324
CONFIRM
MISC
hcl -- appscan_enterprise
 
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." 2020-07-07 not yet calculated CVE-2019-4323
MISC
CONFIRM
hibernate -- orm
 
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. 2020-07-06 not yet calculated CVE-2019-14900
MISC
hpe -- icewall_sso_dfw_and_dgfw
 
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess 2020-07-08 not yet calculated CVE-2020-7140
MISC
huawei -- changxiang_8_plus
 
ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition. 2020-07-06 not yet calculated CVE-2020-1837
MISC
huawei -- multiple_products
 
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. 2020-07-08 not yet calculated CVE-2019-19415
CONFIRM
huawei -- multiple_products
 
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. 2020-07-08 not yet calculated CVE-2019-19416
CONFIRM
huawei -- multiple_products
 
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. 2020-07-08 not yet calculated CVE-2019-19417
CONFIRM
huawei -- p30_and_p30_pro_smartphones
 
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. 2020-07-10 not yet calculated CVE-2020-9260
MISC
huawei -- p30_smartphones HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak. 2020-07-10 not yet calculated CVE-2020-9258
MISC
ibm -- guardium_activity_insights
 
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. 2020-07-09 not yet calculated CVE-2020-4173
XF
CONFIRM
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. 2020-07-09 not yet calculated CVE-2020-4305
XF
CONFIRM
icehrm -- icehrm
 
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-07-10 not yet calculated CVE-2020-6114
MISC
idera -- froala_wysiwyg_editor Froala Editor before 3.0.6 allows XSS. 2020-07-07 not yet calculated CVE-2019-19935
MISC
MISC
libslirp -- libslirp
 
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. 2020-07-09 not yet calculated CVE-2020-10756
MISC
mavlink -- micro_air_vehicle_link_protocol
 
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable. 2020-07-03 not yet calculated CVE-2020-10282
CONFIRM
mavlink -- micro_air_vehicle_link_protocol
 
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic. 2020-07-03 not yet calculated CVE-2020-10281
CONFIRM
mcafee -- mcafee_total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7281
CONFIRM
mcafee -- mcafee_total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7282
CONFIRM
mcafee -- mcafee_total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7283
CONFIRM
mcafee -- network_security_management Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). 2020-07-03 not yet calculated CVE-2020-7284
MISC
mercari -- mercari
 
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView. 2020-07-09 not yet calculated CVE-2020-5604
MISC
micro_focus -- identity_manager
 
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. 2020-07-08 not yet calculated CVE-2020-11849
MISC
MISC
mitsubishi_electric -- got2000_series_devices TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5599
MISC
MISC
mitsubishi_electric -- got2000_series_devices TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5598
MISC
MISC
mitsubishi_electric -- got2000_series_devices TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5600
MISC
MISC
mitsubishi_electric -- got2000_series_devices
 
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5596
MISC
MISC
mitsubishi_electric -- got2000_series_devices
 
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5595
MISC
MISC
mitsubishi_electric -- got2000_series_devices
 
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5597
MISC
MISC
mods_for_hesk -- mods_for_hesk
 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. 2020-07-09 not yet calculated CVE-2020-13994
MISC
mods_for_hesk -- mods_for_hesk
 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. 2020-07-09 not yet calculated CVE-2020-13993
MISC
mozilla -- firefox When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. 2020-07-09 not yet calculated CVE-2020-12423
MISC
MISC
mozilla -- firefox
 
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. 2020-07-09 not yet calculated CVE-2020-12426
MISC
MISC
mozilla -- thunderbird
 
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. 2020-07-09 not yet calculated CVE-2020-12398
MISC
MISC
mx_player -- mx_player_for_android
 
MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. 2020-07-08 not yet calculated CVE-2020-5764
MISC
nextcloud -- nextcloud_contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. 2020-07-10 not yet calculated CVE-2020-8181
MISC
MISC
nordic_semiconductor -- android_ble_library_and_dfu_library
 
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). 2020-07-07 not yet calculated CVE-2020-15509
MISC
MISC
MISC
northwestern_university_knight_lab -- timelinejs In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document. Some TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised. Version 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is "sanitized" before being added to the DOM. For content intended for simple text display, all markup is stripped. Very few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that **those users will automatically begin using the new code**. The only exception would be users who have deliberately edited the embed URL to "pin" their timeline to an earlier version of the code. Some users of TimelineJS use it as a part of a wordpress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS. 2020-07-09 not yet calculated CVE-2020-15092
CONFIRM
MISC
npm -- cli
 
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. 2020-07-07 not yet calculated CVE-2020-15095
MISC
MISC
CONFIRM
nvidia -- jetpack_sdk
 
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. 2020-07-08 not yet calculated CVE-2020-5974
CONFIRM
osquery -- osquery
 
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0. 2020-07-10 not yet calculated CVE-2020-11081
MISC
MISC
MISC
MISC
CONFIRM
palo_alto_networks -- pan-os
 
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services. 2020-07-08 not yet calculated CVE-2020-2030
MISC
palo_alto_networks -- pan-os
 
An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. This issue does not impact PAN-OS 8.1, PAN-OS 9.0, or Prisma Access services. 2020-07-08 not yet calculated CVE-2020-2031
MISC
palo_alto_networks -- pan-os
 
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue. 2020-07-08 not yet calculated CVE-2020-1982
MISC
palo_alto_networks -- pan-os_globalprotect
 
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability. 2020-07-08 not yet calculated CVE-2020-2034
MISC
parallax -- jspdf
 
In all versions of package jspdf, it is possible to inject JavaScript code via the html method. 2020-07-06 not yet calculated CVE-2020-7690
MISC
MISC
MISC
MISC
MISC
MISC
python -- python
 
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. 2020-07-04 not yet calculated CVE-2020-15523
MISC
MISC
raonwiz -- raonwiz RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows. 2020-07-10 not yet calculated CVE-2020-7814
MISC
realtek -- multiple_devices
 
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. 2020-07-06 not yet calculated CVE-2020-9395
MISC
MISC
MISC
redgate -- sql_monitor
 
In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7. 2020-07-09 not yet calculated CVE-2020-15526
CONFIRM
riot -- riot
 
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow. 2020-07-07 not yet calculated CVE-2020-15350
MISC
MISC
roundcube -- roundcube_webmail
 
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. 2020-07-06 not yet calculated CVE-2020-15562
MISC
MISC
MISC
MISC
DEBIAN
samba -- samba
 
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. 2020-07-06 not yet calculated CVE-2020-14303
MISC
CONFIRM
MISC
samba -- samba
 
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. 2020-07-07 not yet calculated CVE-2020-10730
MISC
MISC
samba -- samba
 
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. 2020-07-07 not yet calculated CVE-2020-10745
MISC
MISC
samba -- samba
 
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. 2020-07-06 not yet calculated CVE-2020-10760
MISC
UBUNTU
MISC
shirasagi -- shirasagi
 
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2020-07-10 not yet calculated CVE-2020-5607
MISC
MISC
MISC
MISC
MISC
sockjs -- sockjs
 
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. 2020-07-09 not yet calculated CVE-2020-7693
MISC
MISC
MISC
MISC
MISC
MISC
solarwinds -- serv-u_ftp_server SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. 2020-07-07 not yet calculated CVE-2020-15574
CONFIRM
solarwinds -- serv-u_ftp_server SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. 2020-07-05 not yet calculated CVE-2020-15542
MISC
solarwinds -- serv-u_ftp_server SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. 2020-07-07 not yet calculated CVE-2020-15575
CONFIRM
solarwinds -- serv-u_ftp_server SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. 2020-07-07 not yet calculated CVE-2020-15573
CONFIRM
solarwinds -- serv-u_ftp_server SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. 2020-07-05 not yet calculated CVE-2020-15543
MISC
solarwinds -- serv-u_ftp_server SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. 2020-07-07 not yet calculated CVE-2020-15576
CONFIRM
sophos -- xg_firewall
 
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. 2020-07-10 not yet calculated CVE-2020-15504
CONFIRM
symantec -- endpoint_detection_and_response Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. 2020-07-08 not yet calculated CVE-2020-5839
MISC
tableau -- tableau_server A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. 2020-07-08 not yet calculated CVE-2020-6938
MISC
MISC
telefonica_germany -- o2_business_for_android
 
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. 2020-07-07 not yet calculated CVE-2020-11882
MISC
MISC
tobesoft -- xplatform XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows. 2020-07-10 not yet calculated CVE-2020-7815
MISC
MISC
typo3 -- typo3 The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. 2020-07-07 not yet calculated CVE-2020-15513
MISC
CONFIRM
typo3 -- typo3 The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. 2020-07-07 not yet calculated CVE-2020-15514
MISC
CONFIRM
typo3 -- typo3 The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution. 2020-07-07 not yet calculated CVE-2020-15515
MISC
CONFIRM
typo3 -- typo3 The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. 2020-07-07 not yet calculated CVE-2020-15517
MISC
CONFIRM
typo3 -- typo3 The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. 2020-07-07 not yet calculated CVE-2020-15516
MISC
CONFIRM
valve -- steam_client
 
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks. 2020-07-05 not yet calculated CVE-2020-15530
MISC

veeam -- availability_suite_and_backup_and_replication

VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. 2020-07-03 not yet calculated CVE-2020-15518
MISC
venki -- supravizio_bpm Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. 2020-07-07 not yet calculated CVE-2020-15367
MISC
MISC
venki -- supravizio_bpm
 
A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. 2020-07-07 not yet calculated CVE-2020-15392
MISC
MISC

vmware -- fusion_and_remote_console_for_mac_and_horizon_client_for_mac

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. 2020-07-10 not yet calculated CVE-2020-3974
MISC
vmware -- velocloud_orchestrator The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged. 2020-07-08 not yet calculated CVE-2020-3973
MISC
we-com -- municipality_portal_cms XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. 2020-07-05 not yet calculated CVE-2020-15538
MISC
MISC
we-com -- municipality_portal_cms
 
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. 2020-07-05 not yet calculated CVE-2020-15539
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. 2020-07-05 not yet calculated CVE-2020-15536
MISC
MISC
wordpress -- wordpress
 
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser. 2020-07-09 not yet calculated CVE-2020-15299
MISC
xen -- xen
 
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability. 2020-07-07 not yet calculated CVE-2020-15563
MLIST
MISC
xen -- xen
 
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. 2020-07-07 not yet calculated CVE-2020-15564
MLIST
MISC
xen -- xen
 
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. 2020-07-07 not yet calculated CVE-2020-15565
MLIST
MISC
xen -- xen
 
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit. 2020-07-07 not yet calculated CVE-2020-15566
MLIST
MISC
xen -- xen
 
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable. 2020-07-07 not yet calculated CVE-2020-15567
MLIST
MISC
yubico -- libykpiv An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. 2020-07-09 not yet calculated CVE-2020-13132
MISC
CONFIRM
yubico -- libykpiv
 
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token. 2020-07-09 not yet calculated CVE-2020-13131
MISC
CONFIRM
yubico -- yubikey_5_devices
 
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required. 2020-07-09 not yet calculated CVE-2020-15000
CONFIRM
yubico -- yubikey_5_nfc_devices An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.) 2020-07-09 not yet calculated CVE-2020-15001
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No