Vulnerability Summary for the Week of August 24, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
13enforme -- 13enforme_cms | 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. | 2020-08-27 | 7.5 | CVE-2020-23979 MISC |
cellopoint -- cellos | Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system. | 2020-08-25 | 9 | CVE-2020-17384 MISC |
ibm -- connect\ | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578. | 2020-08-24 | 7.2 | CVE-2020-4587 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. | 2020-08-26 | 9 | CVE-2019-4713 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. | 2020-08-26 | 7.5 | CVE-2019-4694 XF CONFIRM |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501. | 2020-08-25 | 9 | CVE-2020-15642 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549. | 2020-08-25 | 9 | CVE-2020-15643 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550. | 2020-08-25 | 9 | CVE-2020-15644 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553. | 2020-08-25 | 9 | CVE-2020-15645 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565. | 2020-08-25 | 9 | CVE-2020-17387 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799. | 2020-08-25 | 9 | CVE-2020-17388 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502. | 2020-08-25 | 9 | CVE-2020-17389 MISC MISC |
moog -- exvf5c-2_firmware | The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. | 2020-08-21 | 10 | CVE-2020-24051 MISC MISC |
moog -- exvf5c-2_firmware | The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units. | 2020-08-21 | 10 | CVE-2020-24054 MISC MISC |
ncr -- aptra_xfs | NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. | 2020-08-21 | 7.2 | CVE-2020-9063 MISC MISC MISC MISC MISC |
ncr -- aptra_xfs | NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. | 2020-08-21 | 7.2 | CVE-2020-10126 MISC MISC |
nextcloud -- nextcloud | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | 2020-08-21 | 7.1 | CVE-2020-8227 MISC MISC |
safe-eval_project -- safe-eval | This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. | 2020-08-21 | 7.5 | CVE-2020-7710 MISC MISC |
sierrawireless -- aleos | A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. | 2020-08-21 | 9 | CVE-2019-11859 MISC |
sintef -- urx | Universal Robots controller executes URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system. | 2020-08-21 | 7.2 | CVE-2020-10290 CONFIRM |
softing -- opc | Softing Industrial Automation, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 2020-08-25 | 7.5 | CVE-2020-14524 MISC |
soluzioneglobale -- ecommerce_cms | SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter "offerta.php". | 2020-08-27 | 7.5 | CVE-2020-23978 MISC MISC |
verint -- 5620ptz_firmware | Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication. | 2020-08-21 | 7.5 | CVE-2020-24055 MISC MISC |
verint -- s5120fd_firmware | The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'. | 2020-08-21 | 9 | CVE-2020-24057 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
13enforme -- 13enforme_cms | 13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter. | 2020-08-27 | 4.3 | CVE-2020-23981 MISC |
asus -- rt-ac1900p_firmware | An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. | 2020-08-26 | 4.3 | CVE-2020-15499 MISC |
cellopoint -- cellos | Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. | 2020-08-25 | 4 | CVE-2020-17386 MISC |
cellopoint -- cellos | Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input, which allows an unauthorized user to launch a path traversal attack and access arbitrary files on the system. | 2020-08-25 | 5 | CVE-2020-17385 MISC |
cisco -- data_center_network_manager | A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | 2020-08-26 | 5.5 | CVE-2020-3519 CISCO |
cisco -- data_center_network_manager | A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with a low-privileged account could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to read arbitrary files on the affected system. | 2020-08-26 | 4 | CVE-2020-3521 CISCO |
cloudfoundry -- cf-deployment | Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. | 2020-08-21 | 4 | CVE-2020-5416 CONFIRM |
cloudfoundry -- cf-deployment | Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. | 2020-08-21 | 6.5 | CVE-2020-5417 CONFIRM |
codiad -- codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | 2020-08-25 | 4.3 | CVE-2020-14042 MISC MISC |
cogboard -- red_discord_bot | In Red Discord Bot before version 3.3.11, an RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed in version 3.3.11. | 2020-08-21 | 5.5 | CVE-2020-15140 MISC CONFIRM |
cogboard -- red_discord_bot | Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. Updating to 3.3.12 or 3.4 is highly recommended to completely patch this issue. | 2020-08-21 | 6 | CVE-2020-15147 MISC MISC CONFIRM |
cybersolutions -- cybermail | Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. | 2020-08-25 | 4.3 | CVE-2020-5540 MISC MISC |
cybersolutions -- cybermail | Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. | 2020-08-25 | 5.8 | CVE-2020-5541 MISC MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users. | 2020-08-24 | 4.3 | CVE-2020-19880 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107. | 2020-08-24 | 4.3 | CVE-2020-19879 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a sensitive information leak vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information. | 2020-08-24 | 5 | CVE-2020-19878 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2020-08-24 | 5 | CVE-2020-19877 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table. | 2020-08-24 | 4.3 | CVE-2020-19888 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has an arbitrary file read vulnerability in dbhcms\mod\mod.editor.php: $_GET['file'] is the filename, and as there is no filter function for security, you can read any file's content. | 2020-08-24 | 4 | CVE-2020-19890 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymce_content'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. | 2020-08-24 | 6.5 | CVE-2020-19891 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcms_pid=-70, which can add a user. | 2020-08-24 | 6.8 | CVE-2020-19889 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for /index.php?dbhcms_pid=-80&deletemenu=9, which can delete any menu. | 2020-08-24 | 4.3 | CVE-2020-19886 MISC |
dolibarr -- dolibarr | Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. | 2020-08-21 | 4 | CVE-2020-14201 CONFIRM MISC |
elementor -- elementor_page_builder | Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. | 2020-08-21 | 4 | CVE-2020-20634 MISC |
gog -- galaxy | The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. | 2020-08-21 | 6.9 | CVE-2020-24574 MISC MISC MISC |
goxmldsig_project -- goxmldsig | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | 2020-08-23 | 5 | CVE-2020-7711 MISC MISC |
huawei -- fusioncompute | FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. | 2020-08-21 | 4 | CVE-2020-9246 MISC |
ibm -- elastic_storage_server | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165. | 2020-08-24 | 4 | CVE-2020-4383 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. | 2020-08-26 | 5 | CVE-2019-4686 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | 2020-08-26 | 4 | CVE-2019-4697 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. | 2020-08-26 | 4.3 | CVE-2019-4688 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. | 2020-08-26 | 4 | CVE-2019-4699 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826. | 2020-08-26 | 5 | CVE-2019-4689 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. | 2020-08-26 | 5 | CVE-2019-4692 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. | 2020-08-26 | 5 | CVE-2019-4698 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. | 2020-08-26 | 5 | CVE-2019-4701 XF CONFIRM |
ibm -- security_guardium | IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. | 2020-08-26 | 5 | CVE-2018-1501 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. | 2020-08-27 | 5 | CVE-2020-4166 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406. | 2020-08-24 | 4.3 | CVE-2020-4170 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | 2020-08-27 | 4 | CVE-2020-4171 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. | 2020-08-27 | 5 | CVE-2020-4174 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. | 2020-08-27 | 5 | CVE-2020-4169 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. | 2020-08-27 | 5 | CVE-2020-4172 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. | 2020-08-27 | 6.5 | CVE-2020-4603 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms. IBM X-Force ID: 174403. | 2020-08-27 | 6.4 | CVE-2020-4167 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. | 2020-08-24 | 5.8 | CVE-2020-4598 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. | 2020-08-27 | 4.3 | CVE-2020-4575 XF CONFIRM |
instructure -- canvas_learning_management_service | Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. | 2020-08-21 | 5 | CVE-2020-5775 MISC |
isc -- bind | In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND that was built with "--enable-native-pkcs11"; be signing one or more zones with an RSA key; and be able to receive queries from a possible attacker. | 2020-08-21 | 4.3 | CVE-2020-8623 CONFIRM MLIST FEDORA FEDORA GENTOO CONFIRM UBUNTU DEBIAN CONFIRM |
isc -- bind | In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, if a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. | 2020-08-21 | 4.3 | CVE-2020-8621 CONFIRM GENTOO CONFIRM UBUNTU CONFIRM |
isc -- bind | In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, an attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | 2020-08-21 | 5 | CVE-2020-8620 CONFIRM GENTOO CONFIRM UBUNTU CONFIRM |
isc -- bind | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. | 2020-08-21 | 4 | CVE-2020-8622 CONFIRM MLIST FEDORA FEDORA GENTOO CONFIRM UBUNTU UBUNTU DEBIAN CONFIRM |
isc -- bind | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | 2020-08-21 | 4 | CVE-2020-8624 CONFIRM FEDORA FEDORA GENTOO CONFIRM UBUNTU DEBIAN CONFIRM |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | 2020-08-26 | 5.8 | CVE-2020-24598 MISC |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | 2020-08-26 | 4.3 | CVE-2020-24599 MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499. | 2020-08-25 | 5 | CVE-2020-15641 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497. | 2020-08-25 | 5 | CVE-2020-15640 MISC MISC |
mongodb -- mongodb | A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19. | 2020-08-21 | 4 | CVE-2020-7923 MISC MLIST |
moog -- exvf5c-2_firmware | Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | 2020-08-21 | 5 | CVE-2020-24053 MISC MISC |
moog -- exvf5c-2_firmware | Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | 2020-08-21 | 6.4 | CVE-2020-24052 MISC MISC |
ncr -- aptra_xfs | NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | 2020-08-21 | 4.6 | CVE-2020-10125 MISC MISC |
ncr -- aptra_xfs | NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. | 2020-08-21 | 4.4 | CVE-2020-10124 MISC MISC |
nexusdb -- nexusdb | NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | 2020-08-21 | 5 | CVE-2020-24571 MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11304. | 2020-08-25 | 4.6 | CVE-2020-17400 MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134. | 2020-08-25 | 4.6 | CVE-2020-17395 MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519. | 2020-08-25 | 4.6 | CVE-2020-17392 MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11217. | 2020-08-25 | 4.6 | CVE-2020-17396 MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11303. | 2020-08-25 | 4.6 | CVE-2020-17399 MISC MISC |
philips -- dreammapper | Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. | 2020-08-21 | 5 | CVE-2020-14518 MISC |
philips -- suresigns_vs4_firmware | Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 2020-08-21 | 4 | CVE-2020-16239 MISC |
postgresql -- postgresql | It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | 2020-08-24 | 6.5 | CVE-2020-14349 SUSE SUSE SUSE MISC GENTOO |
postgresql -- postgresql | It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. | 2020-08-24 | 4.4 | CVE-2020-14350 SUSE SUSE SUSE SUSE MISC DEBIAN GENTOO |
redhat -- ansible | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. | 2020-08-26 | 6.1 | CVE-2019-14904 MISC MISC |
secomea -- gatemanager_8250_firmware | GateManager versions prior to 9.2c. The affected product uses a weak hash type, which may allow an attacker to view user passwords. | 2020-08-25 | 5 | CVE-2020-14512 MISC |
sierrawireless -- aleos | Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | 2020-08-21 | 6.5 | CVE-2019-11858 MISC |
sierrawireless -- aleos | The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. | 2020-08-21 | 4.6 | CVE-2019-11862 MISC |
sierrawireless -- aleos | Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. | 2020-08-21 | 4 | CVE-2019-11857 MISC |
softing -- opc | Softing Industrial Automation, all versions prior to the latest build of version 4.47.0. The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | 2020-08-25 | 5 | CVE-2020-14522 MISC |
techkshetrainfo -- savsoft_quiz | TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. | 2020-08-25 | 4.3 | CVE-2020-24609 MISC |
verint -- 5620ptz_firmware | A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | 2020-08-21 | 5 | CVE-2020-24056 MISC MISC |
vmware -- cloud_foundation | VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | 2020-08-21 | 5 | CVE-2020-3976 MISC |
webdesi9 -- file_manager | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. | 2020-08-26 | 5 | CVE-2020-24312 MISC |
wolfssl -- wolfssl | An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. | 2020-08-21 | 5 | CVE-2020-12457 MISC CONFIRM |
wolfssl -- wolfssl | An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). | 2020-08-21 | 6.9 | CVE-2020-15309 CONFIRM |
wolfssl -- wolfssl | An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. | 2020-08-21 | 5 | CVE-2020-24585 MISC MISC |
wso2 -- api_manager | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | 2020-08-21 | 6.4 | CVE-2020-24589 MISC |
wso2 -- api_manager | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | 2020-08-21 | 6.4 | CVE-2020-24590 MISC |
wso2 -- api_manager | The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. | 2020-08-21 | 5.5 | CVE-2020-24591 MISC |
zulip -- zulip_server | Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | 2020-08-21 | 6.5 | CVE-2020-15070 CONFIRM |
zulip -- zulip_server | Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. | 2020-08-21 | 5.8 | CVE-2020-14194 CONFIRM |
zulip -- zulip_server | Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | 2020-08-21 | 5 | CVE-2020-14215 CONFIRM |
zulip -- zulip_server | Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | 2020-08-21 | 4.3 | CVE-2020-12759 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-08-26 | 3.5 | CVE-2020-3439 CISCO |
cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-08-26 | 3.5 | CVE-2020-3518 CISCO |
cisco -- data_center_network_manager | A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege. | 2020-08-26 | 2.1 | CVE-2020-3520 CISCO |
cookielawinfo -- gdpr_cookie_consent | ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. | 2020-08-21 | 3.5 | CVE-2020-20633 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. | 2020-08-24 | 3.5 | CVE-2020-19884 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. | 2020-08-24 | 3.5 | CVE-2020-19887 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. | 2020-08-24 | 3.5 | CVE-2020-19885 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login. A remote authenticated admin user can exploit this vulnerability to hijack other users. | 2020-08-24 | 3.5 | CVE-2020-19883 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111. A remote authenticated admin user can exploit this vulnerability to hijack other users. | 2020-08-24 | 3.5 | CVE-2020-19882 MISC |
dbhcms_project -- dbhcms | DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter. A remote authenticated admin user can exploit this vulnerability to hijack other users. | 2020-08-24 | 3.5 | CVE-2020-19881 MISC |
dieboldnixdorf -- probase | Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. | 2020-08-21 | 2.1 | CVE-2020-9062 MISC |
exceedone -- exment | Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. | 2020-08-25 | 3.5 | CVE-2020-5619 MISC MISC |
exceedone -- exment | Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. | 2020-08-25 | 3.5 | CVE-2020-5620 MISC MISC |
huawei -- p30_firmware | HUAWEI P30 smartphones with versions earlier than 10.1.0.123(C431E22R2P5), versions earlier than 10.1.0.123(C432E22R2P5), versions earlier than 10.1.0.126(C10E7R5P1), versions earlier than 10.1.0.126(C185E4R7P1), versions earlier than 10.1.0.126(C461E7R3P1), versions earlier than 10.1.0.126(C605E19R1P3), versions earlier than 10.1.0.126(C636E7R3P4), versions earlier than 10.1.0.128(C635E3R2P4), versions earlier than 10.1.0.160(C00E160R2P11), and versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In a specific scenario, due to improper resource management and a memory leak in some feature, an attacker could exploit this vulnerability to cause the device to reset. | 2020-08-21 | 3.3 | CVE-2020-9104 MISC |
huawei -- p30_pro_firmware | HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.160(C00E160R2P8) have an integer overflow vulnerability. Some functions lack verification when they process some messages sent from another module. Attackers can exploit this vulnerability by sending a malicious message to cause an integer overflow. This can compromise normal service. | 2020-08-21 | 2.1 | CVE-2020-9095 MISC |
huawei -- p30_pro_firmware | HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read vulnerability. Some functions lack verification when they process some messages sent from another module. Attackers can exploit this vulnerability by sending a malicious message to cause an out-of-bounds read. This can compromise normal service. | 2020-08-21 | 2.1 | CVE-2020-9096 MISC |
ibm -- elastic_storage_server | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. | 2020-08-24 | 2.1 | CVE-2020-4382 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. | 2020-08-26 | 3.5 | CVE-2019-4691 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | 2020-08-26 | 2.1 | CVE-2019-4695 XF CONFIRM |
ibm -- guardium_data_encryption | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. | 2020-08-26 | 2.1 | CVE-2019-4693 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 184747. | 2020-08-24 | 2.1 | CVE-2020-4593 XF CONFIRM |
mcafee -- total_protection | Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 2020-08-21 | 3.3 | CVE-2020-7310 CONFIRM |
naviwebs -- navigatecms | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | 2020-08-26 | 3.5 | CVE-2020-23657 MISC |
naviwebs -- navigatecms | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." | 2020-08-26 | 3.5 | CVE-2020-23656 MISC |
naviwebs -- navigatecms | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." | 2020-08-26 | 3.5 | CVE-2020-23654 MISC |
naviwebs -- navigatecms | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | 2020-08-26 | 3.5 | CVE-2020-23655 MISC |
ncr -- aptra_xfs | The currency dispenser of NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. | 2020-08-21 | 2.1 | CVE-2020-10123 MISC MISC MISC MISC MISC |
nextcloud -- nextcloud | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed presenting any HTML (including local links) when responding with invalid data on the login attempt. | 2020-08-21 | 3.5 | CVE-2020-8189 MISC MISC |
osticket -- osticket | osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | 2020-08-26 | 3.5 | CVE-2020-16193 MISC CONFIRM |
parallels -- parallels_desktop | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a pointer being leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520. | 2020-08-25 | 2.1 | CVE-2020-17393 MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302. | 2020-08-25 | 2.1 | CVE-2020-17398 MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363. | 2020-08-25 | 2.1 | CVE-2020-17401 MISC MISC |
philips -- suresigns_vs4_firmware | Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 2020-08-21 | 2.1 | CVE-2020-16241 MISC |
philips -- suresigns_vs4_firmware | Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | 2020-08-21 | 2.1 | CVE-2020-16237 MISC |
tenable -- nessus | Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session. | 2020-08-21 | 3.6 | CVE-2020-5774 MISC |
vmware -- app_volumes | VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing. | 2020-08-21 | 3.5 | CVE-2020-3975 MISC |
webport_project -- webport | WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. | 2020-08-26 | 3.5 | CVE-2020-23659 MISC |
webtareas_project -- webtareas | webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | 2020-08-26 | 3.5 | CVE-2020-23660 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- iview | Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | 2020-08-25 | not yet calculated | CVE-2020-16245 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
akamai -- enterprise_access_client | Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | 2020-08-26 | not yet calculated | CVE-2019-18847 MISC MISC |
aruba -- intelligent_edge_switch_series | Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | 2020-08-26 | not yet calculated | CVE-2019-5320 MISC |
aruba -- intelligent_edge_switch_series | Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI. | 2020-08-26 | not yet calculated | CVE-2019-5321 MISC |
asus -- rt-ac1900p_routers | An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to the wget tool used to download firmware update files. | 2020-08-26 | not yet calculated | CVE-2020-15498 MISC |
atlassian -- table_filter_and_charts_for_confluence_server | The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). | 2020-08-29 | not yet calculated | CVE-2020-24898 MISC |
atlassian -- table_filter_and_charts_for_confluence_server | The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro. | 2020-08-29 | not yet calculated | CVE-2020-24897 MISC |
basercms -- basercms | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. | 2020-08-28 | not yet calculated | CVE-2020-15154 MISC CONFIRM |
basercms -- basercms | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. | 2020-08-28 | not yet calculated | CVE-2020-15159 MISC MISC CONFIRM |
basercms -- basercms | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. | 2020-08-28 | not yet calculated | CVE-2020-15155 MISC MISC CONFIRM |
chameleon -- mini_live_debugger | Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered with by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. | 2020-08-28 | not yet calculated | CVE-2020-15165 CONFIRM MISC |
cisco -- connected_mobile_experiences | A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | 2020-08-26 | not yet calculated | CVE-2020-3151 CISCO |
cisco -- connected_mobile_experiences | A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | 2020-08-26 | not yet calculated | CVE-2020-3152 CISCO |
cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges. | 2020-08-26 | not yet calculated | CVE-2020-3522 CISCO |
cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-08-26 | not yet calculated | CVE-2020-3523 CISCO |
cisco -- discovery_protocol | Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-08-26 | not yet calculated | CVE-2020-3506 CISCO |
cisco -- discovery_protocol | Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-08-26 | not yet calculated | CVE-2020-3507 CISCO |
cisco -- discovery_protocol | A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-08-26 | not yet calculated | CVE-2020-3505 CISCO |
cisco -- dna_center | Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-08-26 | not yet calculated | CVE-2020-3466 CISCO |
cisco -- fabric_services | A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. | 2020-08-27 | not yet calculated | CVE-2020-3517 CISCO |
cisco -- hyperflex_hx-series | A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device. | 2020-08-26 | not yet calculated | CVE-2020-3389 CISCO |
cisco -- ios_xr_software | A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. | 2020-08-29 | not yet calculated | CVE-2020-3566 CISCO |
cisco -- nexus_3000_series_switches | A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default. | 2020-08-27 | not yet calculated | CVE-2020-3394 CISCO |
cisco -- nx-os_software | A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. | 2020-08-27 | not yet calculated | CVE-2020-3398 CISCO |
cisco -- nx-os_software | A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS. | 2020-08-27 | not yet calculated | CVE-2020-3454 CISCO |
cisco -- nx-os_software | A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. | 2020-08-27 | not yet calculated | CVE-2020-3397 CISCO |
cisco -- nx-os_software | A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device. | 2020-08-27 | not yet calculated | CVE-2020-3415 CISCO |
cisco -- nx-os_software | A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device. | 2020-08-27 | not yet calculated | CVE-2020-3338 CISCO |
cisco -- small_business_smart_and_managed_switches | A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. | 2020-08-26 | not yet calculated | CVE-2020-3496 CISCO |
cisco -- smart_software_manager_on-prem | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. | 2020-08-26 | not yet calculated | CVE-2020-3443 CISCO |
cisco -- ucs_manager_software | A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI. | 2020-08-27 | not yet calculated | CVE-2020-3504 CISCO |
cisco -- virtual_wide_area_application_services | A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. | 2020-08-26 | not yet calculated | CVE-2020-3446 CISCO |
cisco -- vision_dynamic_signage_director | A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. | 2020-08-26 | not yet calculated | CVE-2020-3485 CISCO |
cisco -- vision_dynamic_signage_director | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system. | 2020-08-26 | not yet calculated | CVE-2020-3490 CISCO |
cisco -- vision_dynamic_signage_director | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. | 2020-08-26 | not yet calculated | CVE-2020-3491 CISCO |
cisco -- vision_dynamic_signage_director | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device. | 2020-08-26 | not yet calculated | CVE-2020-3484 CISCO |
cisco -- webex_meetings_desktop_app | A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. | 2020-08-26 | not yet calculated | CVE-2020-3440 CISCO |
codecanyon -- online_hotel_booking_system_pro | Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | 2020-08-27 | not yet calculated | CVE-2020-23984 MISC |
create-project_manager -- create-project_manager | Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags). | 2020-08-27 | not yet calculated | CVE-2020-23974 MISC MISC |
dell -- emc_onefs | Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart. | 2020-08-27 | not yet calculated | CVE-2020-5383 MISC |
designmasterevents -- designmasterevents | DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php' | 2020-08-27 | not yet calculated | CVE-2020-23982 MISC MISC |
designmasterevents -- designmasterevents | DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | 2020-08-27 | not yet calculated | CVE-2020-23980 MISC MISC |
dr_trust -- ecg_pen_devices | An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcast while a measurement is being done. Saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity. | 2020-08-26 | not yet calculated | CVE-2020-15486 MISC |
edgemax -- edgeswitch | A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell via command injection. | 2020-08-21 | not yet calculated | CVE-2020-8234 MISC MISC MISC |
ericom -- access_server | Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. | 2020-08-26 | not yet calculated | CVE-2020-24548 MISC MISC |
ericsson -- ipecs | A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modifying the cookie value sent to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. | 2020-08-25 | not yet calculated | CVE-2020-7824 MISC MISC |
expo -- secure-store | secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. | 2020-08-26 | not yet calculated | CVE-2020-24653 MISC |
eyesofnetwork -- eonweb | eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | 2020-08-27 | not yet calculated | CVE-2020-24390 CONFIRM CONFIRM MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. | 2020-08-26 | not yet calculated | CVE-2020-5912 MISC |
f5 -- big-ip | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. | 2020-08-26 | not yet calculated | CVE-2020-5922 MISC |
f5 -- big-ip | In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts server-side connections and may result in a man-in-the-middle attack on the connections. | 2020-08-26 | not yet calculated | CVE-2020-5913 MISC |
f5 -- big-ip | In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. | 2020-08-26 | not yet calculated | CVE-2020-5928 MISC |
f5 -- big-ip | In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, the BIG-IP ASM Configuration utility is vulnerable to stored cross-site scripting. | 2020-08-26 | not yet calculated | CVE-2020-5927 MISC |
f5 -- big-ip | In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances. | 2020-08-26 | not yet calculated | CVE-2020-5914 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are set up in a device trust. | 2020-08-26 | not yet calculated | CVE-2020-5915 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, a SYN flood causes a large number of MCPD context messages destined to secondary blades, consuming memory and leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected. | 2020-08-26 | not yet calculated | CVE-2020-5921 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. | 2020-08-26 | not yet calculated | CVE-2020-5916 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. | 2020-08-26 | not yet calculated | CVE-2020-5917 MISC |
f5 -- big-ip | In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding. | 2020-08-26 | not yet calculated | CVE-2020-5919 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. | 2020-08-26 | not yet calculated | CVE-2020-5926 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. | 2020-08-26 | not yet calculated | CVE-2020-5925 MISC |
f5 -- big-ip | In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. | 2020-08-26 | not yet calculated | CVE-2020-5924 MISC |
f5 -- big-ip | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown can be bypassed via IPv6 link-local addresses. | 2020-08-26 | not yet calculated | CVE-2020-5923 MISC |
f5 -- big-ip | In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. | 2020-08-26 | not yet calculated | CVE-2020-5920 MISC |
f5 -- big-ip | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. | 2020-08-26 | not yet calculated | CVE-2020-5918 MISC |
fedora -- fedora | An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. | 2020-08-24 | not yet calculated | CVE-2020-24612 MISC MISC |
fedora -- fedora | A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | 2020-08-24 | not yet calculated | CVE-2020-14367 MISC FEDORA GENTOO |
fluidbyte -- codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | 2020-08-24 | not yet calculated | CVE-2020-14044 MISC MISC |
fluidbyte -- codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | 2020-08-24 | not yet calculated | CVE-2020-14043 MISC MISC |
fossil -- fossil | Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. | 2020-08-25 | not yet calculated | CVE-2020-24614 MLIST MISC CONFIRM MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003. | 2020-08-25 | not yet calculated | CVE-2020-17403 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191. | 2020-08-25 | not yet calculated | CVE-2020-17404 MISC MISC |
github -- enterprise_server | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. | 2020-08-27 | not yet calculated | CVE-2020-10517 CONFIRM CONFIRM CONFIRM |
github -- enterprise_server | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. | 2020-08-27 | not yet calculated | CVE-2020-10518 MISC MISC MISC |
gnome -- geary | GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. | 2020-08-26 | not yet calculated | CVE-2020-24661 MISC |
gnu -- bison | GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | 2020-08-25 | not yet calculated | CVE-2020-24240 MISC MISC MISC |
gnupg -- gnupg | The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | 2020-08-29 | not yet calculated | CVE-2020-24972 MISC MISC GENTOO |
grafana_labs -- grafana | Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | 2020-08-28 | not yet calculated | CVE-2019-19499 MISC |
halo -- halo | Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The JavaScript code supplied by the attacker will then execute in the victim user's browser. | 2020-08-26 | not yet calculated | CVE-2020-19007 MISC |
hashicorp -- vault_and_vault_enterprise | HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | 2020-08-26 | not yet calculated | CVE-2020-16251 MISC MISC |
hashicorp -- vault_and_vault_enterprise | HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | 2020-08-26 | not yet calculated | CVE-2020-16250 MISC MISC |
hivemq -- broker_control_center | An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker. | 2020-08-26 | not yet calculated | CVE-2020-13821 MISC MISC |
hms_industrial_networks_ab -- ecatcher | HMS Industrial Networks AB eCatcher, all versions prior to 6.5.5, is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 2020-08-26 | not yet calculated | CVE-2020-14498 MISC |
hoosk -- codeigniter | Hoosk Codeigniter CMS before 1.7.2 is affected by Cross Site Request Forgery (CSRF). When an attacker lures an authenticated admin user to a malicious web page, any account can be deleted without the admin user's intent. | 2020-08-28 | not yet calculated | CVE-2020-16610 MISC CONFIRM |
ibm -- resilient_soar | IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. | 2020-08-28 | not yet calculated | CVE-2019-4579 XF CONFIRM |
ibm -- resilient_soar | IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589. | 2020-08-28 | not yet calculated | CVE-2019-4533 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684. | 2020-08-27 | not yet calculated | CVE-2020-4175 XF CONFIRM |
ibm -- security_guardium_insights | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. | 2020-08-24 | not yet calculated | CVE-2020-4165 XF CONFIRM |
ibm -- spectrum_protext_server | IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. | 2020-08-28 | not yet calculated | CVE-2020-4591 XF CONFIRM |
ibm -- specturm_protect | IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. | 2020-08-28 | not yet calculated | CVE-2020-4559 XF CONFIRM |
ibm -- trusteer_rapport/apex | IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. | 2020-08-24 | not yet calculated | CVE-2018-1985 XF CONFIRM |
inogard -- ebiz4u | A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use the startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however. | 2020-08-24 | not yet calculated | CVE-2020-7831 MISC |
jackson -- jackson | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | 2020-08-25 | not yet calculated | CVE-2020-24616 MISC MISC |
jetbrains -- youtrack | In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. | 2020-08-27 | not yet calculated | CVE-2020-24618 MISC MISC |
jitsi -- meet_electron | jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | 2020-08-29 | not yet calculated | CVE-2020-25019 MISC MISC MISC |
joomla -- component_gmappfp | In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload arbitrary files, because the file upload restrictions can be bypassed by changing the content-type and giving the file name a double extension. | 2020-08-27 | not yet calculated | CVE-2020-23972 MISC |
kandnconcepts_club -- kandnconcepts_club | KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter. | 2020-08-27 | not yet calculated | CVE-2020-23977 MISC |
kandnconcepts_club -- kandnconcepts_club | KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. | 2020-08-27 | not yet calculated | CVE-2020-23973 MISC |
libiec61850 -- libiec61850 | In libIEC61850 before version 1.4.3, when a message with a COTP message length field with value < 4 is received, an integer underflow will happen, leading to a heap buffer overflow. This can cause an application crash or, on some platforms, even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround, the changes of commit 033ab5b can be applied to older versions. | 2020-08-26 | not yet calculated | CVE-2020-15158 MISC MISC CONFIRM |
maltego -- maltego | Maltego before 4.2.12 allows XXE attacks. | 2020-08-26 | not yet calculated | CVE-2020-24656 MISC MISC |
marvell -- qconvergeconsole | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. | 2020-08-25 | not yet calculated | CVE-2020-15639 MISC MISC |
maven -- gradle_enterprise | An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are deserialized by a Java standard library ObjectInputStream. This ObjectInputStream was not restricted to a list of trusted classes, thus allowing an attacker to send a malicious deserialization gadget chain to achieve code execution. The socket was not bound exclusively to localhost. The port this socket is assigned to is randomly selected by the JVM and is not intentionally exposed to the public (either by design or documentation). | 2020-08-25 | not yet calculated | CVE-2020-15777 CONFIRM |
mcafee -- application_control | Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | 2020-08-26 | not yet calculated | CVE-2020-7309 CONFIRM |
mediawiki -- mediawiki | In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code. | 2020-08-28 | not yet calculated | CVE-2020-15164 MISC CONFIRM |
mercedes-benz -- c_class_amg_premium_plus_c22_bluetec_vehicles | On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | 2020-08-27 | not yet calculated | CVE-2020-16142 MISC |
metasploit_framework -- metasploit_framework | The Metasploit Framework module "post/osx/gather/enum_osx" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | 2020-08-24 | not yet calculated | CVE-2020-7376 CONFIRM |
metasploit_framework -- metasploit_framework | The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. | 2020-08-24 | not yet calculated | CVE-2020-7377 CONFIRM |
michael-design -- ichat_realtime_php_live_support_system | Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. | 2020-08-27 | not yet calculated | CVE-2020-23983 MISC |
minetime -- minetime | MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. | 2020-08-24 | not yet calculated | CVE-2020-24364 MISC MISC |
mitel -- micollab | The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information. | 2020-08-26 | not yet calculated | CVE-2020-13767 MISC CONFIRM |
mitel -- micollab | An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. | 2020-08-26 | not yet calculated | CVE-2020-11797 CONFIRM CONFIRM |
mitel -- micollab | The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. | 2020-08-26 | not yet calculated | CVE-2020-13863 MISC CONFIRM |
mitel -- mivoice_connect_client | A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | 2020-08-26 | not yet calculated | CVE-2020-12456 MISC CONFIRM |
mitel -- mivoice_phones | The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | 2020-08-26 | not yet calculated | CVE-2020-13617 MISC CONFIRM |
moscajs -- aedes_mqtt_broker | An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. | 2020-08-26 | not yet calculated | CVE-2020-13410 MISC MISC |
mpjx -- mpjx | MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | 2020-08-29 | not yet calculated | CVE-2020-25020 MISC |
nescomed -- multipara_monitor_m1000_devices | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access. | 2020-08-26 | not yet calculated | CVE-2020-15483 MISC MISC |
nescomed -- multipara_monitor_m1000_devices | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. | 2020-08-26 | not yet calculated | CVE-2020-15484 MISC MISC |
nescomed -- multipara_monitor_m1000_devices | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. | 2020-08-26 | not yet calculated | CVE-2020-15485 MISC MISC |
nescomed -- multipara_monitor_m1000_devices | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. | 2020-08-26 | not yet calculated | CVE-2020-15482 MISC MISC |
netflix -- spinnaker | The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. | 2020-08-28 | not yet calculated | CVE-2020-9298 MISC |
netgear -- netgear | Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. | 2020-08-28 | not yet calculated | CVE-2020-5621 JVN MISC MISC MISC |
netwide -- assembler | In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. | 2020-08-25 | not yet calculated | CVE-2020-24241 MISC |
netwide -- assembler | In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | 2020-08-25 | not yet calculated | CVE-2020-24242 MISC |
network_time_protocol -- mintegraladsdk | This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. | 2020-08-24 | not yet calculated | CVE-2020-7705 MISC MISC MISC |
nitori -- nitori | NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2020-08-28 | not yet calculated | CVE-2020-5623 MISC |
nodebb -- nodebb | In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation. | 2020-08-26 | not yet calculated | CVE-2020-15156 MISC CONFIRM MISC |
nova -- openstack | An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. | 2020-08-26 | not yet calculated | CVE-2020-17376 MISC MISC CONFIRM |
oasis -- digital_signature_services | In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation. | 2020-08-24 | not yet calculated | CVE-2020-13101 CONFIRM MISC |
octopus -- deploy | An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. | 2020-08-25 | not yet calculated | CVE-2020-16197 CONFIRM CONFIRM CONFIRM |
online_bike_rental -- online_bike_rental | An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | 2020-08-27 | not yet calculated | CVE-2020-24196 MISC |
openfzs -- openzfs | OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | 2020-08-27 | not yet calculated | CVE-2020-24716 MISC MISC MISC MISC |
openfzs -- openzfs | OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. | 2020-08-27 | not yet calculated | CVE-2020-24717 MISC MISC MISC MISC |
opensis -- community_edition | openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | 2020-08-24 | not yet calculated | CVE-2020-6637 MISC MISC MISC MISC |
oracle -- netsuite | Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N). | 2020-08-27 | not yet calculated | CVE-2020-14729 MISC |
oracle -- netsuite | Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-08-27 | not yet calculated | CVE-2020-14728 MISC |
parallels -- desktop | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518. | 2020-08-25 | not yet calculated | CVE-2020-17391 MISC MISC |
parallels -- desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030. | 2020-08-25 | not yet calculated | CVE-2020-17390 MISC MISC |
parallels -- desktop | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132. | 2020-08-25 | not yet calculated | CVE-2020-17394 MISC MISC |
parallels -- desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11253. | 2020-08-25 | not yet calculated | CVE-2020-17397 MISC MISC |
parallels -- desktop | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063. | 2020-08-25 | not yet calculated | CVE-2020-17402 MISC MISC |
php-fusion -- php-fusion | PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. | 2020-08-26 | not yet calculated | CVE-2020-23658 MISC |
premid -- premid | managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. | 2020-08-29 | not yet calculated | CVE-2020-24928 MISC |
projects_world -- house_rental | File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | 2020-08-27 | not yet calculated | CVE-2020-24202 MISC MISC |
projects_world -- travel_managelemt_system | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | 2020-08-27 | not yet calculated | CVE-2020-24203 MISC MISC |
qemu -- qemu | oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | 2020-08-27 | not yet calculated | CVE-2020-14415 CONFIRM UBUNTU |
raspap -- raspap | An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). | 2020-08-24 | not yet calculated | CVE-2020-24572 MISC MISC MISC MISC |
redhat -- redhat | An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. | 2020-08-24 | not yet calculated | CVE-2020-10775 MISC |
rust -- rust | A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. | 2020-08-29 | not yet calculated | CVE-2020-25016 MISC MISC |
scalyr_agent -- scalyr_agent | The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. | 2020-08-27 | not yet calculated | CVE-2020-24714 MISC |
scalyr_agent -- scalyr_agent | The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. | 2020-08-27 | not yet calculated | CVE-2020-24715 MISC |
secomea -- gatemanager | In Secomea GateManager, all versions prior to 9.2c, an attacker can send a negative value and overwrite arbitrary data. | 2020-08-25 | not yet calculated | CVE-2020-14500 MISC |
secomea -- gatemanager | GateManager versions prior to 9.2c are vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. | 2020-08-25 | not yet calculated | CVE-2020-14508 MISC |
secomea -- gatemanager | GateManager versions prior to 9.2c contain a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | 2020-08-25 | not yet calculated | CVE-2020-14510 MISC |
seczetta -- neprofile | A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status. | 2020-08-26 | not yet calculated | CVE-2020-12855 MISC |
sonatype -- nexus_repository | In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | 2020-08-25 | not yet calculated | CVE-2020-24622 MISC |
squid -- squid | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | 2020-08-24 | not yet calculated | CVE-2020-24606 MISC MISC DEBIAN |
thames -- dis | Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04. | 2020-08-21 | not yet calculated | CVE-2020-15858 CONFIRM |
trend_micro -- deep_security_manager | If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. | 2020-08-27 | not yet calculated | CVE-2020-15601 MISC MISC |
trend_micro -- vulnerability_protection | If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. | 2020-08-27 | not yet calculated | CVE-2020-15605 MISC MISC |
trend_micro -- deep_security | A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. | 2020-08-27 | not yet calculated | CVE-2020-8602 MISC |
umanni -- umanni | Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2020-08-26 | not yet calculated | CVE-2020-24008 MISC MISC |
umanni -- umanni | Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | 2020-08-26 | not yet calculated | CVE-2020-24007 MISC MISC |
vimeo -- vimeo | Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. | 2020-08-27 | not yet calculated | CVE-2020-23576 MISC |
webexcels -- ecommerce_cms | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter. | 2020-08-27 | not yet calculated | CVE-2020-23975 MISC MISC |
webexcels -- ecommerce_cms | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. | 2020-08-27 | not yet calculated | CVE-2020-23976 MISC MISC |
wolfssl -- wolfssl | wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | 2020-08-24 | not yet calculated | CVE-2020-24613 MISC |
wordpress -- wordpress | Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database. | 2020-08-26 | not yet calculated | CVE-2020-24315 MISC MISC |
wordpress -- wordpress | An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. | 2020-08-26 | not yet calculated | CVE-2020-11497 MISC MISC MISC |
wordpress -- wordpress | A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | 2020-08-24 | not yet calculated | CVE-2020-24186 MISC |
wordpress -- wordpress | Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | 2020-08-26 | not yet calculated | CVE-2020-24313 MISC MISC |
wordpress -- wordpress | Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | 2020-08-26 | not yet calculated | CVE-2020-24314 MISC MISC |
wordpress -- wordpress | WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | 2020-08-26 | not yet calculated | CVE-2020-24316 MISC MISC |
wso2 -- multiple_products | An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | 2020-08-27 | not yet calculated | CVE-2020-24706 MISC |
wso2 -- multiple_products | An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | 2020-08-27 | not yet calculated | CVE-2020-24704 MISC |
wso2 -- multiple_products | An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | 2020-08-27 | not yet calculated | CVE-2020-24703 MISC |
wso2 -- multiple_products | An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | 2020-08-27 | not yet calculated | CVE-2020-24705 MISC |
xoonips -- xoonips | Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 2020-08-28 | not yet calculated | CVE-2020-5625 MISC MISC MISC |
xoonips -- xoonips | SQL injection vulnerability in XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2020-08-28 | not yet calculated | CVE-2020-5624 MISC MISC MISC |
zrlog -- zrlog | zrlog v2.1.0 has a vulnerability with the permission check. If the admin account is logged in, other unauthorized users can download the database backup file directly. | 2020-08-25 | not yet calculated | CVE-2020-19005 MISC MISC |