Bulletin (SB20-237)

Vulnerability Summary for the Week of August 17, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. 2020-08-19 7.1 CVE-2020-9712
MISC
MISC
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9722
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. 2020-08-19 7.1 CVE-2020-9696
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9693
MISC
MISC
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9698
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9699
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9700
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9701
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9704
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 9.3 CVE-2020-9715
MISC
MISC
cisco -- anyconnect_secure_mobility_client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. 2020-08-17 7.2 CVE-2020-3433
CISCO
cisco -- staros A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. 2020-08-17 7.8 CVE-2020-3500
CISCO
citrix -- xenmobile_server Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. 2020-08-17 7.5 CVE-2020-8212
MISC
citrix -- xenmobile_server Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection. 2020-08-17 7.5 CVE-2020-8211
MISC
dbsoft -- sglac An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure. 2020-08-17 7.5 CVE-2020-12606
MISC
geutebrueck -- g-cam_ebc-2110_firmware Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). 2020-08-14 9 CVE-2020-16205
MISC
MISC
linux-cmdline_project -- linux-cmdline The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. 2020-08-17 7.5 CVE-2020-7704
MISC
MISC
microsoft -- 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1495, CVE-2020-1498, CVE-2020-1504. 2020-08-17 9.3 CVE-2020-1496
N/A
microsoft -- 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1504. 2020-08-17 9.3 CVE-2020-1498
N/A
microsoft -- 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1495, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504. 2020-08-17 9.3 CVE-2020-1494
N/A
microsoft -- 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504. 2020-08-17 9.3 CVE-2020-1495
N/A
microsoft -- internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570. 2020-08-17 7.6 CVE-2020-1380
N/A
microsoft -- windows_10 A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'. 2020-08-17 9.3 CVE-2020-1339
N/A
microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'. 2020-08-17 7.2 CVE-2020-1520
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. 2020-08-17 7.2 CVE-2020-1467
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1486, CVE-2020-1566. 2020-08-17 7.2 CVE-2020-1417
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1377. 2020-08-17 7.2 CVE-2020-1378
MISC
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378. 2020-08-17 7.2 CVE-2020-1377
MISC
N/A
nim-lang -- nim In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. 2020-08-14 10 CVE-2020-15692
MISC
CONFIRM
nis-utils_project -- nis-utils All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. 2020-08-17 7.5 CVE-2020-7703
MISC
noviflow -- noviware The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system. 2020-08-17 8 CVE-2020-13122
MISC
online_shopping_alphaware_project -- online_shopping_alphaware A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. 2020-08-17 7.5 CVE-2020-24208
MISC
MISC
MISC
php.js_project -- php.js All versions of phpjs are vulnerable to Prototype Pollution via parse_str. 2020-08-14 7.5 CVE-2020-7700
CONFIRM
rapidscada -- rapid_scada Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. 2020-08-14 7.2 CVE-2020-22722
MISC
siemens -- desigo_consumption_control A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges. 2020-08-14 9.3 CVE-2020-10055
MISC
MISC
snmptt -- snmptt SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. 2020-08-16 7.5 CVE-2020-24361
MISC
GENTOO
springtree -- madlib-object-utils madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. 2020-08-14 7.5 CVE-2020-7701
CONFIRM
templ8_project -- templ8 All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. 2020-08-17 7.5 CVE-2020-7702
MISC
ui -- edgeswitch_firmware A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. 2020-08-17 9 CVE-2020-8233
MISC
MISC
MISC
zkteco -- zkbiosecurity_server A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. 2020-08-14 7.5 CVE-2020-17474
MISC
zoom -- sharing_service A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. 2020-08-14 7.2 CVE-2020-9767
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9716
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. 2020-08-19 4.3 CVE-2020-9702
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9717
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. 2020-08-19 4.3 CVE-2020-9703
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak. 2020-08-19 4.3 CVE-2020-9697
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 4.3 CVE-2020-9706
MISC
MISC
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9721
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9720
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 4.3 CVE-2020-9707
MISC
MISC
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9723
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation . 2020-08-19 6.8 CVE-2020-9714
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-08-19 6.8 CVE-2020-9694
MISC
MISC
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9719
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 4.3 CVE-2020-9710
MISC
MISC
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9718
CONFIRM
adobe -- acrobat_dc Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-08-19 5 CVE-2020-9705
CONFIRM
adobe -- git-server The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository. 2020-08-14 5 CVE-2020-9708
MISC
adobe -- lightroom Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. 2020-08-19 6.8 CVE-2020-9724
CONFIRM
apache -- solr Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. 2020-08-17 6.5 CVE-2020-13941
MISC
cisco -- anyconnect_secure_mobility_client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. 2020-08-17 4.9 CVE-2020-3434
CISCO
cisco -- content_security_management_appliance A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability by accessing specific log files on an affected device. A successful exploit could allow the attacker to obtain sensitive log data, which may include user credentials. To exploit this vulnerability, the attacker would need to have valid credentials at the operator level or higher on the affected device. 2020-08-17 4 CVE-2020-3447
CISCO
cisco -- cyber_vision_center A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software. 2020-08-17 5 CVE-2020-3448
CISCO
cisco -- dna_center A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. 2020-08-17 5 CVE-2020-3411
CISCO
cisco -- ios_xr A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition. The vulnerability is due to an incorrect calculation of lexicographical order when displaying additional path information within Cisco IOS XR Software, which causes an infinite loop. An attacker could exploit this vulnerability by sending a specific BGP update from a BGP neighbor peer session of an affected device; an authorized user must then issue a show bgp command for the vulnerability to be exploited. A successful exploit could allow the attacker to prevent authorized users from properly monitoring the BGP status and prevent BGP from processing new updates, resulting in outdated information in the routing and forwarding tables. 2020-08-17 4.3 CVE-2020-3449
CISCO
cisco -- sg250x-24_firmware A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. 2020-08-17 5 CVE-2020-3363
CISCO
cisco -- unified_communications_manager A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2020-08-17 4.3 CVE-2020-3346
CISCO
cisco -- webex_meetings_online A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-17 4.3 CVE-2020-3463
CISCO
cisco -- webex_meetings_online A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves. 2020-08-17 4 CVE-2020-3412
CISCO
cisco -- webex_meetings_online A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves. 2020-08-17 4 CVE-2020-3413
CISCO
cisco -- webex_meetings_online A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. 2020-08-17 4 CVE-2020-3472
CISCO
citrix -- xenmobile_server Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS). 2020-08-17 4.3 CVE-2020-8208
MISC
citrix -- xenmobile_server Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. 2020-08-17 5 CVE-2020-8209
MISC
citrix -- xenmobile_server Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. 2020-08-17 5 CVE-2020-8210
MISC
cmsmadesimple -- cms_made_simple CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. 2020-08-14 6.5 CVE-2020-17462
EXPLOIT-DB
expresstech -- quiz_and_survey_master php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. 2020-08-16 4.3 CVE-2016-11085
MISC
fortinet -- fortios A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. 2020-08-14 5 CVE-2019-5591
CONFIRM
galileo_cms_project -- galileo_cms There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). 2020-08-14 4.3 CVE-2019-7410
CONFIRM
MISC
MISC
MISC
getcomposer -- composer-setup In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\ProgramData\ComposerSetup\bin\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\ProgramData\ComposerSetup\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability. 2020-08-14 4.4 CVE-2020-15145
MISC
CONFIRM
graphpaperpress -- sell_media A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). 2020-08-14 4.3 CVE-2019-6112
CONFIRM
MISC
huawei -- e6878-370_firmware Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device. 2020-08-17 6.8 CVE-2020-9241
MISC
huawei -- fusioncompute FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. 2020-08-14 5 CVE-2020-9228
MISC
huawei -- fusioncompute FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal. 2020-08-17 6.4 CVE-2020-9233
MISC
huawei -- fusioncompute FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. 2020-08-17 6.5 CVE-2020-9242
MISC
huawei -- taurus-al00b_firmware Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device. 2020-08-17 4.6 CVE-2020-9237
MISC
ibm -- spectrum_virtualize IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. 2020-08-17 5.5 CVE-2020-4686
XF
CONFIRM
ise -- smart_connect_knx_vaillant ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. 2020-08-14 5 CVE-2019-19643
MISC
megvii -- koala_firmware Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. 2020-08-14 5 CVE-2020-17475
MISC
microsoft -- sharepoint_enterprise_server A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1499, CVE-2020-1500. 2020-08-17 5.5 CVE-2020-1501
N/A
microsoft -- sharepoint_enterprise_server A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1499, CVE-2020-1501. 2020-08-17 5.5 CVE-2020-1500
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1545
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1546
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1547
N/A
microsoft -- windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554. 2020-08-17 6.8 CVE-2020-1379
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547. 2020-08-17 4.6 CVE-2020-1551
N/A
microsoft -- windows_10 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. 2020-08-17 4.3 CVE-2020-1510
N/A
microsoft -- windows_10 An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'. 2020-08-17 4.3 CVE-2020-1512
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1543
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1544
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Telephony Server Elevation of Privilege Vulnerability'. 2020-08-17 4.6 CVE-2020-1515
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1542
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1470, CVE-2020-1484. 2020-08-17 4.6 CVE-2020-1516
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Elevation of Privilege Vulnerability'. 2020-08-17 6.5 CVE-2020-1509
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1484, CVE-2020-1516. 2020-08-17 4.6 CVE-2020-1470
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. 2020-08-17 4.6 CVE-2020-1511
N/A
microsoft -- windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525. 2020-08-17 6.8 CVE-2020-1554
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1541
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1489. 2020-08-17 4.6 CVE-2020-1513
N/A
microsoft -- windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554. 2020-08-17 6.8 CVE-2020-1477
N/A
microsoft -- windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554. 2020-08-17 6.8 CVE-2020-1525
N/A
microsoft -- windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1525, CVE-2020-1554. 2020-08-17 6.8 CVE-2020-1492
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1518. 2020-08-17 4.6 CVE-2020-1517
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1517. 2020-08-17 4.6 CVE-2020-1518
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1538. 2020-08-17 4.6 CVE-2020-1519
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1522. 2020-08-17 4.6 CVE-2020-1521
N/A
microsoft -- windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554. 2020-08-17 6.8 CVE-2020-1478
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1521. 2020-08-17 4.6 CVE-2020-1522
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1536
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1539
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 4.6 CVE-2020-1540
N/A
nim-lang -- nim In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values. 2020-08-14 6.4 CVE-2020-15693
MISC
CONFIRM
nim-lang -- nim In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length. 2020-08-14 5 CVE-2020-15694
MISC
CONFIRM
openapi-python-client_project -- openapi-python-client In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. 2020-08-14 4 CVE-2020-15141
MISC
MISC
CONFIRM
MISC
openapi-python-client_project -- openapi-python-client In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. 2020-08-14 6 CVE-2020-15142
MISC
MISC
CONFIRM
MISC
phpbb -- phpbb A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. 2020-08-17 5 CVE-2020-8226
MISC
MISC
pnotes.net_project -- pnotes.net A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program. 2020-08-14 4.6 CVE-2020-22721
MISC
rocket.chat -- rocket.chat Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. 2020-08-18 4.3 CVE-2020-15926
MISC
MISC
MISC
siemens -- automation_license_manager A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing. 2020-08-14 4.6 CVE-2020-7583
MISC
siemens -- sicam_a8000_firmware A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application. 2020-08-14 6.8 CVE-2020-15781
MISC
teradici -- pcoip_management_console Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. 2020-08-17 4.3 CVE-2020-13183
MISC
textpattern -- textpattern In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. 2020-08-14 5 CVE-2015-8032
CONFIRM
CONFIRM
textpattern -- textpattern In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. 2020-08-14 5 CVE-2015-8033
CONFIRM
CONFIRM
tiny -- tinymce A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. 2020-08-14 4.3 CVE-2020-12648
MISC
ui -- edgeswitch_firmware An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages. 2020-08-17 4 CVE-2020-8232
MISC
MISC
MISC
zkteco -- zkbiosecurity_server Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. 2020-08-14 4.3 CVE-2020-17473
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- anyconnect_secure_mobility_client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. 2020-08-17 2.1 CVE-2020-3435
CISCO
cisco -- ucs_director A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need administrative credentials on the affected device. 2020-08-17 3.5 CVE-2020-3464
CISCO
cisco -- webex_meetings Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. 2020-08-17 3.5 CVE-2020-3501
CISCO
cisco -- webex_meetings Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. 2020-08-17 3.5 CVE-2020-3502
CISCO
huawei -- fusioncompute FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. 2020-08-14 2.1 CVE-2020-9229
MISC
huawei -- mate_20_firmware HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic error vulnerability. In a special scenario, the system does not properly process. As a result, attackers can perform a series of operations to successfully establish P2P connections that are rejected by the peer end. As a result, the availability of the device is affected. 2020-08-17 2.1 CVE-2020-9103
MISC
microsoft -- sql_server_management_studio A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka 'Microsoft SQL Server Management Studio Denial of Service Vulnerability'. 2020-08-17 2.1 CVE-2020-1455
N/A
microsoft -- windows_10 An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'. 2020-08-17 2.1 CVE-2020-1383
N/A
microsoft -- windows_10 An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka &quot;straight-line speculation, aka 'Windows ARM Information Disclosure Vulnerability'. 2020-08-17 2.1 CVE-2020-1459
N/A
microsoft -- windows_10 A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'. 2020-08-17 2.1 CVE-2020-1464
MISC
MISC
MISC
N/A
nextcloud -- nextcloud A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. 2020-08-17 2.1 CVE-2020-8230
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info

microsoft -- windows_10
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1577
N/A

microsoft -- windows_10
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1473, CVE-2020-1558, CVE-2020-1564. 2020-08-17 not yet calculated CVE-2020-1557
N/A

microsoft -- windows_10
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1533. 2020-08-17 not yet calculated CVE-2020-1556
N/A

microsoft -- windows_10
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1490
N/A

zulip -- zulip_server
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. 2020-08-21 not yet calculated CVE-2020-14194
CONFIRM
alias_robotics -- alias_robotics
 
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug. 2020-08-20 not yet calculated CVE-2020-10289
CONFIRM
annlab -- v3_lite
 
***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0.8.3 can cause a denial of service via crafted 0x82000028 IOCTL call. 2020-08-18 not yet calculated CVE-2020-23938
apache -- shiro
 
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. 2020-08-17 not yet calculated CVE-2020-13933
MISC
auth0-lock -- auth0-lock
 
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks. 2020-08-20 not yet calculated CVE-2020-15119
CONFIRM
beta_nightly -- beta_nightly
 
** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error. 2020-08-21 not yet calculated CVE-2020-24567
MISC
MISC
bind -- bind
 
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. 2020-08-21 not yet calculated CVE-2020-8621
CONFIRM
bind -- bind
 
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. 2020-08-21 not yet calculated CVE-2020-8620
CONFIRM
bind -- bind
 
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. 2020-08-21 not yet calculated CVE-2020-8622
CONFIRM
bind -- bind
 
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker 2020-08-21 not yet calculated CVE-2020-8623
CONFIRM
bind -- bind
 
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. 2020-08-21 not yet calculated CVE-2020-8624
CONFIRM
cloud_foundry_foundation -- cloud_controller
 
Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. 2020-08-21 not yet calculated CVE-2020-5417
CONFIRM
cloud_foundry_foundation -- gorouter
 
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. 2020-08-21 not yet calculated CVE-2020-5416
CONFIRM
connie-lang -- connie-lang
 
The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. 2020-08-18 not yet calculated CVE-2020-7706
MISC
MISC
contiki-ng -- contiki-ng
 
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device. 2020-08-18 not yet calculated CVE-2020-14934
MISC
MISC
contiki-ng -- contiki-ng
 
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get request response is assembled, a stack buffer dedicated for OIDs (with a limited capacity) is allocated in snmp_engine_get_bulk(). When snmp_engine_get_bulk() is populating the stack buffer, an overflow condition may occur due to lack of input length validation. This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function. As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address. 2020-08-18 not yet calculated CVE-2020-14935
MISC
MISC
contiki-ng -- contiki-ng
 
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request. 2020-08-18 not yet calculated CVE-2020-14936
MISC
MISC
contiki-ng -- contiki-ng
 
Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access in BER decoding and encoding functions. 2020-08-18 not yet calculated CVE-2020-14937
MISC
MISC
d-link -- dir-822_rev_bx_devices
 
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. 2020-08-18 not yet calculated CVE-2019-6258
MISC
CONFIRM
dell -- endpoint_security_suite
 
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. 2020-08-18 not yet calculated CVE-2020-5385
MISC
diebold -- nixdorf_procash
 
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. 2020-08-21 not yet calculated CVE-2020-9062
MISC
dolibarr -- dolibarr
 
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. 2020-08-21 not yet calculated CVE-2020-14201
CONFIRM
MISC
edgemax -- edgeswitch
 
A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. 2020-08-21 not yet calculated CVE-2020-8234
MISC
MISC
MISC
elastic -- elasticsearch
 
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. 2020-08-18 not yet calculated CVE-2020-7019
MISC
elastic -- enterprise_search
 
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator. 2020-08-18 not yet calculated CVE-2020-7018
MISC
em_client -- em_client
 
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email. 2020-08-20 not yet calculated CVE-2020-12618
MISC
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10972. 2020-08-20 not yet calculated CVE-2020-15637
MISC
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10950. 2020-08-20 not yet calculated CVE-2020-15638
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9881. 2020-08-20 not yet calculated CVE-2020-8869
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10977. 2020-08-20 not yet calculated CVE-2020-15630
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10764. 2020-08-20 not yet calculated CVE-2020-15629
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files from the GetTIFPalette method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9931. 2020-08-20 not yet calculated CVE-2020-8870
MISC
MISC
ftp-srv -- ftp-srv
 
ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version 4.3.4. More information can be found on the linked advisory. 2020-08-17 not yet calculated CVE-2020-15152
MISC
CONFIRM
MISC
fusioncompute -- fusioncompute
 
FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. 2020-08-21 not yet calculated CVE-2020-9246
MISC
gog -- galaxy
 
The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. 2020-08-21 not yet calculated CVE-2020-24574
MISC
MISC
MISC
gunet -- open_eclass_platform
 
** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9.2 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings. NOTE: this is disputed because it only affects misconfigured installations. 2020-08-19 not yet calculated CVE-2020-24381
MISC
CONFIRM
hashicorp -- hashicorp
 
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. 2020-08-20 not yet calculated CVE-2020-24359
MISC
MISC
huawei -- p30_pro_smartphones
 
HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service. 2020-08-21 not yet calculated CVE-2020-9096
MISC
huawei -- p30_pro_smartphones
 
HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service. 2020-08-21 not yet calculated CVE-2020-9095
MISC
huawei -- p30_smartphones
 
HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset. 2020-08-21 not yet calculated CVE-2020-9104
MISC
ibm -- content_navigator
 
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. 2020-08-20 not yet calculated CVE-2020-4687
XF
CONFIRM
ibm -- content_navigator
 
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. 2020-08-20 not yet calculated CVE-2020-4548
XF
CONFIRM
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. 2020-08-19 not yet calculated CVE-2020-4653
XF
CONFIRM
ibm -- planning_analytics
 
A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. 2020-08-19 not yet calculated CVE-2020-4648
XF
CONFIRM
ibm -- spectrum_scale
 
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162. 2020-08-19 not yet calculated CVE-2020-4381
XF
CONFIRM
icinga -- icinga
 
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. 2020-08-19 not yet calculated CVE-2020-24368
MISC
MISC
CONFIRM
irrelon-path -- irrelon-path
 
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. 2020-08-18 not yet calculated CVE-2020-7708
MISC
MISC
MISC
kabir_alhasan -- student_management_system
 
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". 2020-08-20 not yet calculated CVE-2020-23935
MISC
kaldin -- kaldin
 
**REJECTED**Kaldin 4.0 is affected by: Insecure Permissions. The impact is: gain privileges (remote). The attack vector is: The affected URLs should be opened. 2020-08-18 not yet calculated CVE-2020-24212
lightbend -- play_framework
 
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. 2020-08-17 not yet calculated CVE-2020-12480
MISC
MISC
linux -- linux-kernal
 
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. 2020-08-19 not yet calculated CVE-2020-14356
SUSE
MISC
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. 2020-08-19 not yet calculated CVE-2020-24394
MISC
MISC
MISC
lua -- lua

 
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). 2020-08-17 not yet calculated CVE-2020-24370
MISC
MISC
lua -- lua

 
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. 2020-08-17 not yet calculated CVE-2020-24371
MISC
MISC
lua -- lua
 
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. 2020-08-17 not yet calculated CVE-2020-24369
MISC
MISC
lua -- lua
 
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. 2020-08-17 not yet calculated CVE-2020-24372
MISC
mailmate -- mailmate
 
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email. 2020-08-20 not yet calculated CVE-2020-12619
MISC
MISC
mavlink -- micro_air_vehicle_link_protocol
 
The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly. 2020-08-20 not yet calculated CVE-2020-10283
CONFIRM
mcafee -- mcafee_total_protection
 
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. 2020-08-21 not yet calculated CVE-2020-7310
CONFIRM
microfocus -- arcsight_management_center
 
Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service. 2020-08-19 not yet calculated CVE-2020-11848
MISC
microsoft -- 365_apps_for_enterprise
 
A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1582
N/A
microsoft -- asp.net_core
 
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1597
N/A
microsoft -- directx
 
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1479
N/A
microsoft -- dynamics_365
 
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1591
N/A
microsoft -- dynamics_365_for_finance_and_operations
 
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1182
N/A
microsoft -- edge
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1570. 2020-08-17 not yet calculated CVE-2020-1555
N/A
microsoft -- edge
 
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1569
N/A
microsoft -- edge_pdr_reader
 
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1568
N/A
microsoft -- excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1498. 2020-08-17 not yet calculated CVE-2020-1504
N/A
microsoft -- excel
 
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1497
N/A
microsoft -- internet_explorer
 
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1567
N/A
microsoft -- internet_explorer
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1555. 2020-08-17 not yet calculated CVE-2020-1570
N/A
microsoft -- media_foundation
 
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1487
N/A
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1563
N/A
microsoft -- office
 
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1581
N/A
microsoft -- outlook
 
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1483
N/A
microsoft -- outlook
 
An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1493
N/A
microsoft -- sharepoint
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1580. 2020-08-17 not yet calculated CVE-2020-1573
N/A
microsoft -- sharepoint
 
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1505
N/A
microsoft -- sharepoint
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1573. 2020-08-17 not yet calculated CVE-2020-1580
N/A
microsoft -- sharepoint
 
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1500, CVE-2020-1501. 2020-08-17 not yet calculated CVE-2020-1499
N/A
microsoft -- visual_studio_code
 
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-0604
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Connection Broker Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1526
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1480. 2020-08-17 not yet calculated CVE-2020-1529
N/A
microsoft -- windows_10 An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1565
N/A
microsoft -- windows_10

 
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1561. 2020-08-17 not yet calculated CVE-2020-1562
N/A
microsoft -- windows_10

 
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1562. 2020-08-17 not yet calculated CVE-2020-1561
N/A
microsoft -- windows_10

 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1473, CVE-2020-1557, CVE-2020-1564. 2020-08-17 not yet calculated CVE-2020-1558
N/A
microsoft -- windows_10

 
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1574, CVE-2020-1585. 2020-08-17 not yet calculated CVE-2020-1560
N/A
microsoft -- windows_10
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1473, CVE-2020-1557, CVE-2020-1558. 2020-08-17 not yet calculated CVE-2020-1564
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1417, CVE-2020-1486. 2020-08-17 not yet calculated CVE-2020-1566
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Setup Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1571
N/A
microsoft -- windows_10
 
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1560, CVE-2020-1585. 2020-08-17 not yet calculated CVE-2020-1574
N/A
microsoft -- windows_10
 
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka 'Windows Kernel Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1578
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1579
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1584
N/A
microsoft -- windows_10
 
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1560, CVE-2020-1574. 2020-08-17 not yet calculated CVE-2020-1585
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1587
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1534
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1553
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Shell Components Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1524
N/A
microsoft -- windows_10
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1557, CVE-2020-1558, CVE-2020-1564. 2020-08-17 not yet calculated CVE-2020-1473
N/A
microsoft -- windows_10
 
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1466
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1552
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files, aka 'ASP.NET and .NET Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1476
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1529. 2020-08-17 not yet calculated CVE-2020-1480
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1470, CVE-2020-1516. 2020-08-17 not yet calculated CVE-2020-1484
N/A
microsoft -- windows_10
 
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory, aka 'Windows Image Acquisition Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1474. 2020-08-17 not yet calculated CVE-2020-1485
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1417, CVE-2020-1566. 2020-08-17 not yet calculated CVE-2020-1486
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1488
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1513. 2020-08-17 not yet calculated CVE-2020-1489
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory, aka 'Windows Server Resource Management Service Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1475
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1337
N/A
microsoft -- windows_10
 
A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1046
N/A
microsoft -- windows_10
 
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory, aka 'Windows Image Acquisition Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1485. 2020-08-17 not yet calculated CVE-2020-1474
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Custom Protocol Engine Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1527
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1519. 2020-08-17 not yet calculated CVE-2020-1538
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1549. 2020-08-17 not yet calculated CVE-2020-1550
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1550. 2020-08-17 not yet calculated CVE-2020-1549
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1537. 2020-08-17 not yet calculated CVE-2020-1530
N/A
microsoft -- windows_10
 
An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows WaasMedic Service Information Disclosure Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1548
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Accounts Control Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1531
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1556. 2020-08-17 not yet calculated CVE-2020-1533
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551. 2020-08-17 not yet calculated CVE-2020-1535
N/A
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1530. 2020-08-17 not yet calculated CVE-2020-1537
N/A
microsoft -- windows_radio_manager
 
An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Radio Manager API Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1528
N/A
microsoft -- word
 
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1583. 2020-08-17 not yet calculated CVE-2020-1503
N/A
microsoft -- word
 
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1503, CVE-2020-1583. 2020-08-17 not yet calculated CVE-2020-1502
N/A
microsoft -- word
 
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1503. 2020-08-17 not yet calculated CVE-2020-1583
N/A
mongoDB_inc -- mongodb_server
 
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19. 2020-08-21 not yet calculated CVE-2020-7923
MISC
moog -- exo_series_exvf5c-2_and_exvp7c2-3_units Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. 2020-08-21 not yet calculated CVE-2020-24052
MISC
MISC
moog -- exo_series_exvf5c-2_and_exvp7c2-3_units
 
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units. 2020-08-21 not yet calculated CVE-2020-24054
MISC
MISC
moog -- exo_series_exvf5c-2_and_exvp7c2-3_units
 
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. 2020-08-21 not yet calculated CVE-2020-24053
MISC
MISC
moog -- exo_series_exvf5c-2_and_exvp7c2-3_units
 
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. 2020-08-21 not yet calculated CVE-2020-24051
MISC
MISC
ncr -- self_serv_atms
 
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. 2020-08-21 not yet calculated CVE-2020-9063
MISC
MISC
MISC
MISC
MISC
ncr -- selfsev_atm
 
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. 2020-08-21 not yet calculated CVE-2020-10124
MISC
MISC
ncr -- selfsev_atm
 
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. 2020-08-21 not yet calculated CVE-2020-10123
MISC
MISC
MISC
MISC
MISC
ncr -- selfsev_atm
 
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. 2020-08-21 not yet calculated CVE-2020-10126
MISC
MISC
ncr -- selfsev_atm
 
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. 2020-08-21 not yet calculated CVE-2020-10125
MISC
MISC
nessus -- nessus
 
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session. 2020-08-21 not yet calculated CVE-2020-5774
MISC
net-snmp -- net-snmp Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. 2020-08-20 not yet calculated CVE-2020-15861
CONFIRM
CONFIRM
CONFIRM
net-snmp -- net-snmp
 
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. 2020-08-20 not yet calculated CVE-2020-15862
MISC
CONFIRM
CONFIRM
MISC
netgear -- mulitple_routers
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852. 2020-08-20 not yet calculated CVE-2020-15636
MISC
MISC
netgear -- r6700_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. 2020-08-20 not yet calculated CVE-2020-15634
MISC
MISC
netgear -- r6700_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853. 2020-08-20 not yet calculated CVE-2020-15635
MISC
MISC
netlogon -- netlogon
 
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. 2020-08-17 not yet calculated CVE-2020-1472
N/A
nextcloud -- desktop_client
 
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. 2020-08-21 not yet calculated CVE-2020-8227
MISC
MISC
nextcloud -- desktop_client
 
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. 2020-08-21 not yet calculated CVE-2020-8189
MISC
MISC
nexusqa -- nexusqa
 
NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. 2020-08-21 not yet calculated CVE-2020-24571
MISC
nodebb -- nodebb
 
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an account takeover. As a workaround you may cherry-pick the following commit from the project's repository to your running instance of NodeBB: 16cee1b03ba3eee177834a1fdac4aa8a12b39d2a. This is fixed in version 1.14.3. 2020-08-20 not yet calculated CVE-2020-15149
MISC
CONFIRM
MISC
openmage -- openmage
 
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2. 2020-08-20 not yet calculated CVE-2020-15151
MISC
CONFIRM
MISC
ovirt -- ovirt_engine
 
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context. 2020-08-18 not yet calculated CVE-2020-14333
CONFIRM
package_property -- package_property
 
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. 2020-08-18 not yet calculated CVE-2020-7707
MISC
MISC
MISC
philips -- dreammapper
 
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. 2020-08-21 not yet calculated CVE-2020-14518
MISC
philips -- suresigns
 
Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. 2020-08-21 not yet calculated CVE-2020-16237
MISC
philips -- suresigns
 
Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. 2020-08-21 not yet calculated CVE-2020-16241
MISC
philips -- suresigns
 
Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. 2020-08-21 not yet calculated CVE-2020-16239
MISC
phpgurukul -- vehicle_parking_management_system
 
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". 2020-08-20 not yet calculated CVE-2020-23936
MISC
phplist -- phplist

 
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. 2020-08-20 not yet calculated CVE-2020-13826
MISC
phplist -- phplist
 
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. 2020-08-20 not yet calculated CVE-2020-13825
MISC
rangee -- rangee
 
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system. 2020-08-20 not yet calculated CVE-2020-16282
MISC
rangee -- rangee
 
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization. 2020-08-20 not yet calculated CVE-2020-16279
MISC
rangee -- rangee
 
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system. 2020-08-20 not yet calculated CVE-2020-16280
MISC
rangee -- rangee
 
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. 2020-08-20 not yet calculated CVE-2020-16281
MISC
red_discord_bot -- red_discord_bot
 
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11. 2020-08-21 not yet calculated CVE-2020-15140
MISC
CONFIRM
red_discord_bot -- red_discord_bot
 
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue. 2020-08-21 not yet calculated CVE-2020-15147
MISC
MISC
CONFIRM
ritecms -- ritecms
 
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section. 2020-08-18 not yet calculated CVE-2020-23934
MISC
MISC
safe-eval -- safe-eval
 
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. 2020-08-21 not yet calculated CVE-2020-7710
MISC
MISC
seowon_intech -- slc-130_and_slr-120s_devices
 
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. 2020-08-20 not yet calculated CVE-2020-17456
MISC
MISC
shopxo -- shopxo
 
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server. 2020-08-17 not yet calculated CVE-2020-24220
MISC
sierra_wireless -- aleos An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN. 2020-08-21 not yet calculated CVE-2019-11852
MISC
sierra_wireless -- aleos
 
An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. 2020-08-21 not yet calculated CVE-2019-11847
MISC
sierra_wireless -- aleos
 
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. 2020-08-21 not yet calculated CVE-2019-11859
MISC
sierra_wireless -- aleos
 
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. 2020-08-21 not yet calculated CVE-2019-11862
MISC
sierra_wireless -- aleos
 
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. 2020-08-21 not yet calculated CVE-2019-11849
MISC
sierra_wireless -- aleos
 
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution 2020-08-21 not yet calculated CVE-2019-11850
MISC
sierra_wireless -- aleos
 
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. 2020-08-21 not yet calculated CVE-2019-11853
MISC
sierra_wireless -- aleos
 
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. 2020-08-21 not yet calculated CVE-2019-11855
MISC
sierra_wireless -- aleos
 
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. 2020-08-21 not yet calculated CVE-2019-11856
MISC
sierra_wireless -- aleos
 
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. 2020-08-21 not yet calculated CVE-2019-11857
MISC
sierra_wireless -- aleos
 
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. 2020-08-21 not yet calculated CVE-2019-11858
MISC
sierra_wireless -- aleos
 
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. 2020-08-21 not yet calculated CVE-2019-11848
MISC
silicon_labs -- bluetooth_low_energy_sdk
 
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. 2020-08-20 not yet calculated CVE-2020-15532
MISC
MISC
MISC
silicon_labs -- bluetooth_low_energy_sdk
 
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. 2020-08-20 not yet calculated CVE-2020-15531
MISC
MISC
MISC
MISC
stimulsoft -- stimulsoft
 
A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. 2020-08-18 not yet calculated CVE-2020-15865
MISC
sylius -- resource_bundle
 
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched. 2020-08-20 not yet calculated CVE-2020-15143
CONFIRM
sylius -- resource_bundle
 
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched. 2020-08-20 not yet calculated CVE-2020-15146
CONFIRM
sysax -- multi_server
 
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash. 2020-08-19 not yet calculated CVE-2020-23574
MISC
tenable -- canvas_lms
 
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. 2020-08-21 not yet calculated CVE-2020-5775
MISC
thales -- dis
 
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04 2020-08-21 not yet calculated CVE-2020-15858
CONFIRM
tibco -- data_virtualization_server
 
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below. 2020-08-18 not yet calculated CVE-2020-9415
CONFIRM
CONFIRM
treasuryxpress -- treasuryxpress
 
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application. 2020-08-20 not yet calculated CVE-2019-20152
MISC
treasuryxpress -- treasuryxpress
 
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host. 2020-08-20 not yet calculated CVE-2019-20150
MISC
treasuryxpress -- treasuryxpress
 
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). 2020-08-20 not yet calculated CVE-2019-20151
MISC
universal_robots -- universal_robots
 
Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system 2020-08-21 not yet calculated CVE-2020-10290
CONFIRM
verint -- multiple_units
 
Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication. 2020-08-21 not yet calculated CVE-2020-24055
MISC
MISC
verint -- multiple_units
 
A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. 2020-08-21 not yet calculated CVE-2020-24056
MISC
MISC
verint -- s5120fd_units
 
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'. 2020-08-21 not yet calculated CVE-2020-24057
MISC
MISC
vmware -- app_volumes
 
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing. 2020-08-21 not yet calculated CVE-2020-3975
MISC
vmware -- esxi_and_vcenter_server
 
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. 2020-08-21 not yet calculated CVE-2020-3976
MISC
wolfssl -- wolfssl
 
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. 2020-08-21 not yet calculated CVE-2020-24585
MISC
MISC
wolfssl -- wolfssl
 
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). 2020-08-21 not yet calculated CVE-2020-15309
CONFIRM
wolfssl -- wolfssl
 
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. 2020-08-21 not yet calculated CVE-2020-12457
MISC
CONFIRM
wordpress -- wordpress
 
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. 2020-08-21 not yet calculated CVE-2020-20634
MISC
wordpress -- wordpress
 
ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. 2020-08-21 not yet calculated CVE-2020-20633
MISC
ws02 -- api_manager The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. 2020-08-21 not yet calculated CVE-2020-24590
MISC
ws02 -- api_manager
 
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. 2020-08-21 not yet calculated CVE-2020-24591
MISC
ws02 -- api_manager
 
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. 2020-08-21 not yet calculated CVE-2020-24589
MISC
xorux -- xorux
 
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. 2020-08-18 not yet calculated CVE-2020-24032
MISC
MISC
zulip -- zulip_server
 
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. 2020-08-21 not yet calculated CVE-2020-12759
CONFIRM
zulip -- zulip_server
 
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. 2020-08-21 not yet calculated CVE-2020-14215
CONFIRM
zulip -- zulip_server
 
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. 2020-08-21 not yet calculated CVE-2020-15070
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No