Vulnerability Summary for the Week of August 31, 2020

Released: Sep 07, 2020
Document ID: SB20-251

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
arr-flatten-unflatten_project -- arr-flatten-unflatten | All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. | 2020-09-01 | 7.5 | CVE-2020-7713, CONFIRM
canonical -- checkinstall | checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. | 2020-08-31 | 7.2 | CVE-2020-25031, MISC
cisco -- ios_xr | A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. | 2020-08-29 | 7.8 | CVE-2020-3566, CISCO
deep-get-set_project -- deep-get-set | All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. | 2020-09-01 | 7.5 | CVE-2020-7715, MISC
digitalbazzar -- forge | The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. | 2020-09-01 | 7.5 | CVE-2020-7720, CONFIRM, MISC, MISC
dot-notes_project -- dot-notes | All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. | 2020-09-01 | 7.5 | CVE-2020-7717, MISC
gammautils_project -- gammautils | All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. | 2020-09-01 | 7.5 | CVE-2020-7718, MISC
gedi_project -- gedi | All versions of package gedi are vulnerable to Prototype Pollution via the set function. | 2020-09-01 | 7.5 | CVE-2020-7727, MISC
google -- android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020). | 2020-08-31 | 7.5 | CVE-2020-25055, MISC
google -- android | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). | 2020-08-31 | 7.5 | CVE-2020-25049, MISC
google -- android | An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). | 2020-08-31 | 7.5 | CVE-2020-25052, MISC
google -- android | An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). | 2020-08-31 | 7.5 | CVE-2020-25053, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). | 2020-08-31 | 7.5 | CVE-2020-25062, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020). | 2020-08-31 | 7.5 | CVE-2020-25057, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). | 2020-08-31 | 7.5 | CVE-2020-25061, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). | 2020-08-31 | 7.8 | CVE-2020-25065, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020). | 2020-08-31 | 7.5 | CVE-2020-25058, MISC
guidesmiths -- worksmith | All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | 2020-09-01 | 7.5 | CVE-2020-7725, MISC
heybbs_project -- heybbs | Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | 2020-09-03 | 7.5 | CVE-2020-25005, MISC, MISC
heybbs_project -- heybbs | Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code. | 2020-09-03 | 7.5 | CVE-2020-25006, MISC, MISC
heybbs_project -- heybbs | Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | 2020-09-03 | 7.5 | CVE-2020-25004, MISC, MISC
invertase -- deeps | All versions of package deeps are vulnerable to Prototype Pollution via the set function. | 2020-09-01 | 7.5 | CVE-2020-7716, MISC
locutus_project -- locutus | Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. | 2020-09-01 | 7.5 | CVE-2020-7719, CONFIRM, MISC
mpxj -- mpxj | MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | 2020-08-29 | 7.5 | CVE-2020-25020, MISC
node-oojs_project -- node-oojs | All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. | 2020-09-01 | 7.5 | CVE-2020-7721, MISC
nodee-utils_project -- nodee-utils | All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | 2020-09-01 | 7.5 | CVE-2020-7722, MISC
os4ed -- opensis | An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6141, MISC
os4ed -- opensis | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6138, MISC
os4ed -- opensis | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6137, MISC
os4ed -- opensis | A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6144, MISC
os4ed -- opensis | A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6143, MISC
os4ed -- opensis | A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6142, MISC
os4ed -- opensis | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6140, MISC
os4ed -- opensis | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | 2020-09-01 | 7.5 | CVE-2020-6139, MISC
qemu -- qemu | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | 2020-08-31 | 7.2 | CVE-2020-14364, MISC, MISC, MISC
realseriousgames -- confucious | All versions of package confucious are vulnerable to Prototype Pollution via the set function. | 2020-09-01 | 7.5 | CVE-2020-7714, MISC
redlion -- n-tron_702-w_firmware | The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). | 2020-09-01 | 10 | CVE-2020-16204, MISC, FULLDISC, MISC
riken -- xoonips | SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2020-08-28 | 7.5 | CVE-2020-5624, MISC, MISC, MISC
rpm -- librepro | A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. | 2020-08-30 | 8.5 | CVE-2020-14352, MISC, MISC
safe-object2_project -- safe-object2 | All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | 2020-09-01 | 7.5 | CVE-2020-7726, MISC
schneider-electric -- apc_easy_ups_online_software | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | 2020-08-31 | 7.5 | CVE-2020-7521, MISC
schneider-electric -- apc_easy_ups_online_software | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | 2020-08-31 | 7.5 | CVE-2020-7522, MISC
tiny-conf_project -- tiny-conf | All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | 2020-09-01 | 7.5 | CVE-2020-7724, MISC
usvn -- usvn | USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. | 2020-09-01 | 7.5 | CVE-2020-25069, MISC
yola -- promisehelpers | All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. | 2020-09-01 | 7.5 | CVE-2020-7723, MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apc -- powerchute | Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. | 2020-08-31 | 6.5 | CVE-2020-7526, MISC
appsaloon -- wp-gdpr | controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. | 2020-08-31 | 4.3 | CVE-2020-20628, MISC
basercms -- basercms | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. | 2020-08-28 | 4.6 | CVE-2020-15159, MISC, MISC, CONFIRM
bitdefender -- endpoint_security | An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. | 2020-08-30 | 4.6 | CVE-2020-8097, MISC
blubrry -- subscribe_sidebar | The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. | 2020-08-31 | 4.3 | CVE-2020-25033, MISC, MISC
bufferlist_project -- bufferlist | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | 2020-08-30 | 5.5 | CVE-2020-8244, MISC
chamber_dashboard_business_directory_project -- chamber_dashboard_business_directory | The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. | 2020-08-31 | 4.3 | CVE-2020-24699, MISC, MISC
chameleon_mini_live_debugger_project -- chameleon_mini_live_debugger | Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. | 2020-08-28 | 6.4 | CVE-2020-15165, CONFIRM, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. | 2020-09-03 | 4.3 | CVE-2020-25087, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. | 2020-09-03 | 4.3 | CVE-2020-25090, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. | 2020-09-03 | 4.3 | CVE-2020-25089, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. | 2020-09-03 | 4.3 | CVE-2020-25092, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. | 2020-09-03 | 4.3 | CVE-2020-25091, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. | 2020-09-03 | 4.3 | CVE-2020-25086, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php, within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. | 2020-09-03 | 4.3 | CVE-2020-25093, MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. | 2020-09-03 | 4.3 | CVE-2020-25088, MISC
flask-cors_project -- flask-cors | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | 2020-08-31 | 5 | CVE-2020-25032, MISC
forgerock -- identity_manager | Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6. | 2020-08-31 | 4.3 | CVE-2020-17465, MISC, MISC
get-simple -- getsimple_cms | A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | 2020-09-01 | 4.3 | CVE-2020-23839, MISC
gigadevice -- gd32f103_firmware | The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. | 2020-08-31 | 4.6 | CVE-2020-13465, MISC
gigadevice -- gd32f130_firmware | Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). | 2020-08-31 | 4.6 | CVE-2020-13468, MISC
golang -- go | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | 2020-09-02 | 4.3 | CVE-2020-24553, MISC, FULLDISC, MISC
google -- android | An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020). | 2020-08-31 | 5 | CVE-2020-25056, MISC
google -- android | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). | 2020-08-31 | 5 | CVE-2020-25051, MISC
google -- android | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). | 2020-08-31 | 5 | CVE-2020-25050, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020). | 2020-08-31 | 5 | CVE-2020-25063, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020). | 2020-08-31 | 5 | CVE-2020-25059, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020). | 2020-08-31 | 5 | CVE-2020-25064, MISC
google -- android | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020). | 2020-08-31 | 4.6 | CVE-2020-25060, MISC
grafana -- grafana | Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | 2020-08-28 | 4 | CVE-2019-19499, MISC
hoosk -- hoosk | Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces an authenticated admin user to visit a malicious web page, any account can be deleted without the admin user's intention. | 2020-08-28 | 4.3 | CVE-2020-16610, MISC, CONFIRM
ibm -- infosphere_guardium | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | 2020-09-01 | 6.5 | CVE-2012-3336, CONFIRM, XF
ibm -- infosphere_guardium | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291. | 2020-09-01 | 4 | CVE-2012-3340, CONFIRM, XF
ibm -- infosphere_guardium | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. | 2020-09-01 | 5 | CVE-2012-3337, CONFIRM, XF
ibm -- infosphere_guardium | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286. | 2020-09-01 | 5 | CVE-2012-3338, CONFIRM, XF
ibm -- resilient_security_orchestration_automation_and_response | IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589. | 2020-08-28 | 4 | CVE-2019-4533, XF, CONFIRM
ibm -- resilient_security_orchestration_automation_and_response | IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. | 2020-08-28 | 4 | CVE-2019-4579, XF, CONFIRM
ibm -- spectrum_protect | IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. | 2020-08-28 | 5 | CVE-2020-4559, XF, CONFIRM
jenkins -- database | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | 2020-09-01 | 6.8 | CVE-2020-2241, MLIST, CONFIRM
jenkins -- database | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | 2020-09-01 | 6.8 | CVE-2020-2240, MLIST, CONFIRM
jenkins -- database | A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | 2020-09-01 | 4 | CVE-2020-2242, MLIST, CONFIRM
jenkins -- jenkins | Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | 2020-09-01 | 4 | CVE-2020-2251, MLIST, CONFIRM
jenkins -- jsgames | Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | 2020-09-01 | 4.3 | CVE-2020-2248, MLIST, CONFIRM
jenkins -- klocwork_analysis | Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-09-01 | 4 | CVE-2020-2247, MLIST, CONFIRM
jenkins -- parameterized_remote_trigger | Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 2020-09-01 | 4 | CVE-2020-2239, MLIST, CONFIRM
jenkins -- soapui_pro_functional_testing | Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 2020-09-01 | 4 | CVE-2020-2250, MLIST, CONFIRM
jenkins -- valgrind | Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-09-01 | 5.5 | CVE-2020-2245, MLIST, CONFIRM
jitsi -- meet_electron | jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | 2020-08-29 | 4.3 | CVE-2020-25019, MISC, MISC, MISC
json_project -- json | This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | 2020-08-30 | 6.5 | CVE-2020-7712, MISC, MISC, MISC, MISC, MISC
kleopatra_project -- kleopatra | The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | 2020-08-29 | 6.5 | CVE-2020-24972, MISC, MISC, GENTOO
mara_cms_project -- mara_cms | Mara CMS 7.5 allows contact.php?theme= XSS. | 2020-08-30 | 4.3 | CVE-2020-24223, MISC, MISC, MISC
netgear -- gs716tv2_firmware | Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. | 2020-08-28 | 4.3 | CVE-2020-5621, JVN, MISC, MISC, MISC
nitori -- nitori | NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2020-08-28 | 5.8 | CVE-2020-5623, MISC
o-dyn -- collabtive | An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. | 2020-08-31 | 4.3 | CVE-2020-13655, MISC, MISC
online_book_store_project -- online_book_store | In projectworlds Online Book Store 1.0, use of hard-coded credentials in source code leads to admin panel access. | 2020-08-31 | 5 | CVE-2020-24115, MISC
os4ed -- opensis | An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6136, MISC
os4ed -- opensis | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 2020-09-01 | 6.5 | CVE-2020-6130, MISC
os4ed -- opensis | An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6125, MISC
os4ed -- opensis | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6128, MISC
os4ed -- opensis | SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6132, MISC
os4ed -- opensis | SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6133, MISC
os4ed -- opensis | SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6134, MISC
os4ed -- opensis | An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6135, MISC
os4ed -- opensis | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 2020-09-01 | 6.5 | CVE-2020-6126, MISC
os4ed -- opensis | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 2020-09-01 | 6.5 | CVE-2020-6129, MISC
os4ed -- opensis | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 2020-09-01 | 6.5 | CVE-2020-6131, MISC
os4ed -- opensis | An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6124, MISC
os4ed -- opensis | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-09-01 | 6.5 | CVE-2020-6127, MISC
os4ed -- opensisSQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6118
MISC
os4ed -- opensisSQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6119
MISC
os4ed -- opensisSQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6120
MISC
os4ed -- opensisSQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6121
MISC
os4ed -- opensisSQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6122
MISC
os4ed -- opensisSQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6117
MISC
os4ed -- opensisAn exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-09-016.5CVE-2020-6123
MISC
osticket -- osticketosTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.2020-08-304.3CVE-2020-24917
MISC
MISC
MISC
pix-link -- lv-wr07_firmwareXSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter.2020-08-304.3CVE-2020-24104
MISC
premid -- premidmanagers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.2020-08-295CVE-2020-24928
MISC
rgb-rust_project -- rgb-rustA safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.2020-08-296.4CVE-2020-25016
MISC
MISC
riken -- xoonipsCross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.2020-08-284.3CVE-2020-5625
MISC
MISC
MISC
schneider-electric -- somoveIncorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.2020-08-314.6CVE-2020-7527
MISC
schneider-electric -- spacelynk_firmwareImproper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.2020-08-315CVE-2020-7525
MISC
schneider_electric -- modbus_driver_suiteImproper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.2020-08-314.4CVE-2020-7523
MISC
scratch-wiki -- scratch_loginIn Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.2020-08-286.4CVE-2020-15164
MISC
CONFIRM
shadan-kun -- server_security_typeShadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly detected attack source IP addresses as blocking targets for about 10 minutes via a specially crafted request.2020-09-025CVE-2020-5622
MISC
MISC
sick -- lms111_firmwarePlatform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.2020-08-315CVE-2020-2075
MISC
slicedinvoices -- sliced_invoicesSliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.2020-08-315CVE-2020-20625
MISC
spinnaker -- orcaThe Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.2020-08-285CVE-2020-9298
MISC
stiltsoft -- table_filter_and_charts_for_confluence_serverThe Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).2020-08-294CVE-2020-24898
MISC
stock_management_system_project -- stock_management_systemA Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.2020-09-014.3CVE-2020-23831
MISC
MISC
tailor_management_system_project -- tailor_management_systemA Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.2020-09-014.3CVE-2020-23835
MISC
u-root -- u-rootThis affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.2020-09-015CVE-2020-7666
CONFIRM
CONFIRM
u-root -- u-rootThis affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.2020-09-015CVE-2020-7665
MISC
MISC
usvn -- usvnUSVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.2020-09-016.8CVE-2020-25070
MISC
xuxueli -- xxl-jobMultiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file.2020-09-034.3CVE-2020-23814
MISC
MISC
zyxel -- vmg5313-b30b_firmwareZyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.2020-08-316.5CVE-2020-24354
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
basercms -- basercmsbaserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.2020-08-282.1CVE-2020-15154
MISC
CONFIRM
basercms -- basercmsbaserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7.2020-08-282.1CVE-2020-15155
MISC
MISC
CONFIRM
elementor -- page_builderAn issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.2020-08-313.5CVE-2020-15020
MISC
MISC
gigadevice -- gd32f103_firmwareThe flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.2020-08-312.1CVE-2020-13472
MISC
gigadevice -- gd32f103_firmwareGigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data.2020-08-312.1CVE-2020-13470
MISC
gigadevice -- gd32vf103_firmwareThe flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU.2020-08-312.1CVE-2020-13469
MISC
google -- androidAn issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).2020-08-312.1CVE-2020-25048
MISC
google -- androidAn issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020).2020-08-312.1CVE-2020-25047
MISC
google -- androidAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).2020-08-312.1CVE-2020-25046
MISC
ibm -- infosphere_guardiumIBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294.2020-09-013.5CVE-2012-3341
CONFIRM
XF
ibm -- spectrum_protect_serverIBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.2020-08-281.9CVE-2020-4591
XF
CONFIRM
ibm -- spectrum_scaleIBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.2020-08-312.1CVE-2020-4492
XF
CONFIRM
jenkins -- build_failure_analyzerJenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.2020-09-013.5CVE-2020-2244
MLIST
CONFIRM
jenkins -- cadence_vmanagerJenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.2020-09-013.5CVE-2020-2243
MLIST
CONFIRM
jenkins -- git_parameterJenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.2020-09-013.5CVE-2020-2238
MLIST
CONFIRM
jenkins -- team_foundation_serverJenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.2020-09-012.1CVE-2020-2249
MLIST
CONFIRM
jenkins -- valgrindJenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.2020-09-013.5CVE-2020-2246
MLIST
CONFIRM
redlion -- n-tron_702-w_firmwareThe affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).2020-09-013.5CVE-2020-16206
MISC
FULLDISC
MISC
redlion -- n-tron_702-w_firmwareThe affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).2020-09-013.5CVE-2020-16210
MISC
FULLDISC
MISC
stiltsoft -- table_filter_and_charts_for_confluence_serverThe Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.2020-08-293.5CVE-2020-24897
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.2020-09-033.5CVE-2020-25117
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.2020-09-033.5CVE-2020-25118
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.2020-09-033.5CVE-2020-25115
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.2020-09-033.5CVE-2020-25124
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.2020-09-033.5CVE-2020-25123
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.2020-09-033.5CVE-2020-25122
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.2020-09-033.5CVE-2020-25116
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.2020-09-033.5CVE-2020-25120
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.2020-09-033.5CVE-2020-25119
MISC
vbulletin -- vbulletinThe Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.2020-09-033.5CVE-2020-25121
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accusoft -- imagegear
 
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability.2020-09-01not yet calculatedCVE-2020-6151
MISC
accusoft -- imagegear
 
A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file.2020-09-01not yet calculatedCVE-2020-6152
MISC
add-apt-repository -- add-apt-repository
 
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.2020-09-05not yet calculatedCVE-2020-15709
MISC
apache -- cassandra
 
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.2020-09-01not yet calculatedCVE-2020-13946
MLIST
MLIST
MISC
apex_microelectronics -- apm32f103_devices
 
Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.2020-08-31not yet calculatedCVE-2020-13471
MISC
apex_microelectronics -- apm32f103_devices
 
The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.2020-08-31not yet calculatedCVE-2020-13463
MISC
aruba -- clearpassA vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.2020-09-04not yet calculatedCVE-2020-7119
MISC
atlassian -- jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.2020-09-01not yet calculatedCVE-2020-14178
MISC
beijing_qihoo_technology -- 360_speed_browser360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.2020-09-03not yet calculatedCVE-2020-24158
MISC
best_support_system -- best_support_system
 
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.2020-09-04not yet calculatedCVE-2020-24963
MISC
MISC
bestzip -- bestzip
 
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param.2020-09-04not yet calculatedCVE-2020-7730
MISC
MISC
bundler -- bundler
 
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.2020-09-04not yet calculatedCVE-2019-3881
MISC
canonical -- ubuntu
 
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.2020-09-01not yet calculatedCVE-2020-15704
UBUNTU
UBUNTU
china_key_systems_&_integrated_circuit -- cks32f103_devicesThe flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.2020-08-31not yet calculatedCVE-2020-13464
MISC
china_key_systems_&_integrated_circuit -- cks32f103_devices
 
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.2020-08-31not yet calculatedCVE-2020-13467
MISC
cisco -- asyncos_and_email_security_appliance
 
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability.2020-09-04not yet calculatedCVE-2020-3546
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.2020-09-04not yet calculatedCVE-2020-3478
CISCO
cisco -- enterprise_nfv_infrastructure_software
 
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device.2020-09-04not yet calculatedCVE-2020-3365
CISCO
cisco -- fxos_software
 
A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.2020-09-04not yet calculatedCVE-2020-3545
CISCO
cisco -- ios_xr_software
 
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.2020-09-04not yet calculatedCVE-2020-3473
CISCO
cisco -- ios_xr_software
 
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.2020-09-04not yet calculatedCVE-2020-3530
CISCO
cisco -- jabber
 
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.2020-09-04not yet calculatedCVE-2020-3498
CISCO

cisco -- jabber_for_windows

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks.2020-09-04not yet calculatedCVE-2020-3537
CISCO
cisco -- jabber_for_windows
 
A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.2020-09-04not yet calculatedCVE-2020-3495
CISCO
cisco -- jabber_for_windows
 
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software.2020-09-04not yet calculatedCVE-2020-3430
CISCO

cisco -- multiple_products

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.2020-09-04not yet calculatedCVE-2020-3541
CISCO
cisco -- multiple_products
 
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface.2020-09-04not yet calculatedCVE-2020-3547
CISCO
cisco -- small_business_rv340_series_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-04not yet calculatedCVE-2020-3451
CISCO
cisco -- small_business_rv340_series_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-04not yet calculatedCVE-2020-3453
CISCO
cisco -- webex_training
 
A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting.2020-09-04not yet calculatedCVE-2020-3542
CISCO
cloud_foundry -- capi
 
Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).2020-09-03not yet calculatedCVE-2020-5418
CONFIRM
cloud_foundry -- routing
 
Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.2020-09-03not yet calculatedCVE-2020-5420
CONFIRM
concrete5 -- concrete5
 
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.2020-09-04not yet calculatedCVE-2020-24986
MISC
d-link -- dcs-2530l_and_dcs-2670l_devices
 
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
2020-09-02 | not yet calculated | CVE-2020-25079
MISC
MISC
d-link -- dcs-2530l_and_dcs-2670l_devices
 
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
2020-09-02 | not yet calculated | CVE-2020-25078
MISC
MISC
dell -- emc_ecs
 
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.
2020-09-02 | not yet calculated | CVE-2020-5386
MISC
dell -- emc_isilon_onefs
 
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.
2020-09-02 | not yet calculated | CVE-2020-5369
MISC
dell -- g7_17_7790_bios
 
Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).
2020-09-02 | not yet calculated | CVE-2020-5378
MISC
dell -- inspiron_7347_bios
 
Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).
2020-09-02 | not yet calculated | CVE-2020-5376
MISC
dell -- inspiron_7352_bios
 
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).
2020-09-02 | not yet calculated | CVE-2020-5379
MISC
django -- django
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
2020-09-01 | not yet calculated | CVE-2020-24583
MISC
MISC
MISC
UBUNTU
MISC
MISC
django -- django
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
2020-09-01 | not yet calculated | CVE-2020-24584
MISC
MISC
MISC
UBUNTU
MISC
MISC
dolibarr -- dolibarr
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
2020-09-02 | not yet calculated | CVE-2020-14209
CONFIRM
MISC
dolibarr -- dolibarr
 
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
2020-08-31 | not yet calculated | CVE-2020-13828
MISC
duffel -- paginator
 
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.
2020-09-01 | not yet calculated | CVE-2020-15150
CONFIRM
CONFIRM
CONFIRM
CONFIRM
enghouse -- web_chat
 
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951.
2020-09-03 | not yet calculated | CVE-2020-13972
MISC
eramba -- eramba_and_eramba_enterprise
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension.
2020-09-03 | not yet calculated | CVE-2020-25104
MISC
MISC
eramba -- eramba_and_eramba_enterprise
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).
2020-09-03 | not yet calculated | CVE-2020-25105
MISC
MISC
erlang -- rebar3
 
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
2020-09-02 | not yet calculated | CVE-2020-13802
MISC
MISC
MISC
espressif -- esp32_devices
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
2020-08-31 | not yet calculated | CVE-2020-13594
MISC
MISC
MISC
espressif -- esp32_devices
 
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.
2020-08-31 | not yet calculated | CVE-2020-13595
MISC
MISC
MISC
facebook -- hermes
 
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
2020-09-04 | not yet calculated | CVE-2020-1911
CONFIRM
CONFIRM
forlogic -- qualiex
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates.
2020-09-02 | not yet calculated | CVE-2020-24028
MISC
MISC
MISC
forlogic -- qualiex
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.
2020-09-02 | not yet calculated | CVE-2020-24029
MISC
MISC
forlogic -- qualiex
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse.
2020-09-02 | not yet calculated | CVE-2020-24030
MISC
MISC
foxit -- reader_and_phantompdf
 
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.
2020-09-04 | not yet calculated | CVE-2020-12247
MISC
foxit -- reader_and_phantompdf
 
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
2020-09-04 | not yet calculated | CVE-2020-12248
MISC
foxit -- reader_and_phantompdf
 
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
2020-09-04 | not yet calculated | CVE-2020-11493
MISC
freedombox -- freedombox
 
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled.
2020-09-02 | not yet calculated | CVE-2020-25073
MISC
ghostscript -- ghostscript
 
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
2020-09-03 | not yet calculated | CVE-2020-14373
MISC
MISC
MISC
gmapfp -- gmapfp
gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and can also upload files due to unrestricted file upload issues: the upload checks can be bypassed by changing the content-type and changing the file name to use double extensions.
2020-09-01 | not yet calculated | CVE-2020-23971
MISC
gnome_project -- libxml2
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
2020-09-04 | not yet calculated | CVE-2020-24977
MISC
gnu -- bison
 
An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file containing the character '\' at the end while still in a character or a string.
2020-09-04 | not yet calculated | CVE-2020-24980
MISC
MISC
gnu -- bison
 
A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash.
2020-09-04 | not yet calculated | CVE-2020-24979
MISC
MISC
gnupg -- gnupg
 
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
2020-09-03 | not yet calculated | CVE-2020-25125
MLIST
MLIST
MISC
MISC
MISC
MISC
gnutls -- gnutls
 
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
2020-09-04 | not yet calculated | CVE-2020-24659
MISC
GENTOO
MISC
grunt -- grunt
 
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
2020-09-03 | not yet calculated | CVE-2020-7729
CONFIRM
CONFIRM
CONFIRM
CONFIRM
guangzhou_netease_computer_system -- netease_mail_master
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
2020-09-03 | not yet calculated | CVE-2020-24161
MISC
guangzhou_netease_computer_system -- netease_youdao_dictionary
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.
2020-09-03 | not yet calculated | CVE-2020-24159
MISC
huawei -- honor_20_pro_smartphones
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C185E3R5P1), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.212(C432E10R3P4), Versions earlier than 10.1.0.213(C636E3R4P3), Versions earlier than 10.1.0.214(C10E5R4P3), Versions earlier than 10.1.0.214(C185E3R3P3); Versions earlier than 10.1.0.212(C00E210R5P1); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C01E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R8P12); Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.225(C431E3R1P2), Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error: a lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to an information leak.
2020-09-03 | not yet calculated | CVE-2020-9235
MISC
huawei -- mate_20_smartphones
 
HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service.
2020-09-03 | not yet calculated | CVE-2020-9083
MISC
huawei -- multiple_products
 
B2368-22 V100R001C00; B2368-57 V100R001C00; B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
2020-09-03 | not yet calculated | CVE-2020-9199
MISC
ibm -- api_connect
 
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.
2020-09-03 | not yet calculated | CVE-2020-4337
XF
CONFIRM
ibm -- api_manager
 
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.
2020-09-03 | not yet calculated | CVE-2020-4638
XF
CONFIRM
ibm -- aspera_connect
 
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.
2020-09-04 | not yet calculated | CVE-2020-4545
XF
CONFIRM
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.
2020-09-04 | not yet calculated | CVE-2020-4702
XF
CONFIRM
ibm -- infosphere_metadata_asset_manager
 
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.
2020-09-04 | not yet calculated | CVE-2020-4632
XF
CONFIRM
ibm -- jazz_team_server
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
2020-09-02 | not yet calculated | CVE-2020-4522
XF
CONFIRM
ibm -- jazz_team_server
 
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
2020-09-02 | not yet calculated | CVE-2020-4445
XF
CONFIRM
ibm -- jazz_team_server
 
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
2020-09-02 | not yet calculated | CVE-2020-4546
XF
CONFIRM
ibm -- spectrum_protect_operations_center
 
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.
2020-09-02 | not yet calculated | CVE-2020-4693
XF
CONFIRM
ignite_realtime -- openfire
 
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute an arbitrary malicious URL via the vulnerable GET parameters "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page.
2020-09-02 | not yet calculated | CVE-2020-24602
MISC
ignite_realtime -- openfire
 
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameters "searchName" and "alias" in the import certificate trusted page.
2020-09-02 | not yet calculated | CVE-2020-24601
MISC
ignite_realtime -- openfire
 
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request parameters "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp.
2020-09-02 | not yet calculated | CVE-2020-24604
MISC

kaspersky -- security_center_and_security_center_web_console

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
2020-09-02 | not yet calculated | CVE-2020-25045
MISC
kaspersky -- virus_removal_tool
 
Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.
2020-09-02 | not yet calculated | CVE-2020-25044
MISC
kaspersky -- vpn_secure_connection
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
2020-09-02 | not yet calculated | CVE-2020-25043
MISC
kde -- ark
 
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
2020-09-02 | not yet calculated | CVE-2020-24654
SUSE
CONFIRM
CONFIRM
CONFIRM
DEBIAN
laravel -- laravel
 
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
2020-09-04 | not yet calculated | CVE-2020-24940
MISC
laravel -- laravel
 
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
2020-09-04 | not yet calculated | CVE-2020-24941
MISC
lenovo -- multiple_thinkpad_devices
 
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
2020-09-01 | not yet calculated | CVE-2020-8341
MISC
lenovo -- thinkpad_a285_devices
 
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
2020-09-01 | not yet calculated | CVE-2020-8335
MISC
librehealth -- ehr
 
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
2020-09-01 | not yet calculated | CVE-2020-23829
MISC
MISC
liferay -- liferay_portal
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
2020-09-01 | not yet calculated | CVE-2020-24554
MISC
CONFIRM
linux -- linux_kernel
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
2020-09-03 | not yet calculated | CVE-2020-10720
MISC
MISC
magmi -- magmi
 
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than the Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a "Too many connections" error, then using the default magmi:magmi basic authentication to remotely bypass authentication.
2020-09-01 | not yet calculated | CVE-2020-5777
MISC
magmi -- magmi
 
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
2020-09-01 | not yet calculated | CVE-2020-5776
MISC
mara_cms -- mara_cms
 
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
2020-09-03 | not yet calculated | CVE-2020-25042
MISC
MISC
mcafee -- true_key
 
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access another user’s passwords on the same machine via triggering a process dump in specific situations.
2020-09-04 | not yet calculated | CVE-2020-7299
CONFIRM
midnightbsd_and_freebsd -- midnightbsd_and_freebsd
A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.
2020-09-03 | not yet calculated | CVE-2020-24863
CONFIRM
MISC
CONFIRM
MISC
midnightbsd_and_freebsd -- midnightbsd_and_freebsd
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().
2020-09-03 | not yet calculated | CVE-2020-24385
CONFIRM
MISC
milller -- miller
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.
2020-09-02 | not yet calculated | CVE-2020-15167
CONFIRM
modicon -- m218_logic_controller
 
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.
2020-08-31 | not yet calculated | CVE-2020-7524
MISC
multiple_vendors -- multiple_products
 
All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements.
2020-09-01 | not yet calculated | CVE-2020-14514
MISC
multiux -- multiux
 
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field.
2020-09-02 | not yet calculated | CVE-2020-17458
MISC
MISC
nasm -- nasm
 
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
2020-09-04 | not yet calculated | CVE-2020-24978
MISC
netapp -- clustered_data_ontap
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
2020-09-02 | not yet calculated | CVE-2020-8576
MISC
netgear -- r8300_devices
NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.
2020-09-01 | not yet calculated | CVE-2020-25067
MISC
noise-java -- noise-java
 
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
2020-09-04 | not yet calculated | CVE-2020-25022
MISC
FULLDISC
MISC
CONFIRM
noise-java -- noise-java
 
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.
2020-09-04 | not yet calculated | CVE-2020-25023
MISC
FULLDISC
MISC
CONFIRM
noise-java -- noise-java
 
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.
2020-09-04 | not yet calculated | CVE-2020-25021
MISC
FULLDISC
MISC
CONFIRM
open-xchange -- ox_app_suite
 
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
2020-08-31 | not yet calculated | CVE-2020-12646
MISC
open-xchange -- ox_app_suite
 
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
2020-08-31 | not yet calculated | CVE-2020-12643
FULLDISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
2020-08-31 | not yet calculated | CVE-2020-12644
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
2020-08-31 | not yet calculated | CVE-2020-12645
MISC
MISC
openfind -- mail2000
 
Openfind Mail2000 contains a Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.
2020-09-01 | not yet calculated | CVE-2020-12776
CONFIRM
oscommerce -- ce_phoenix
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php.
2020-09-03 | not yet calculated | CVE-2020-12058
MISC
MISC
MISC
oswapp -- warehouse_inventory_system
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site.
2020-09-01 | not yet calculated | CVE-2020-23836
MISC
MISC
pancake -- pancake
 
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.
2020-09-03 | not yet calculated | CVE-2020-24876
MISC
php-fusion -- php-fusion
 
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
2020-09-03 | not yet calculated | CVE-2020-24949
MISC
phpkb -- phpkb
 
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
2020-09-03 | not yet calculated | CVE-2020-11579
MISC
MISC
MISC
MISC
project_acrn -- acrn
 
Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and Denial of Service (DoS) for previously assigned PCIe devices to the Service VM at runtime.
2020-08-31 | not yet calculated | CVE-2020-15687
MISC
MISC
MISC
python_packaging_authority -- python_package_index
 
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
2020-09-04 | not yet calculated | CVE-2019-20916
MISC
MISC
MISC
qemu -- qemu
 
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
2020-08-31 | not yet calculated | CVE-2020-12829
MISC
UBUNTU
raonwiz -- roan_kupload
RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded due to a lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.
2020-09-02 | not yet calculated | CVE-2020-7830
MISC
rapid7 -- metasploit
 
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
2020-09-01
not yet calculated
CVE-2019-5645
MISC
rapid7 -- nexpose
 
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.
2020-09-03
not yet calculated
CVE-2020-7382
CONFIRM
rapid7 -- nexpose
 
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.
2020-09-03
not yet calculated
CVE-2020-7381
CONFIRM
razer_chroma -- sdk_rest_server
 
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.
2020-09-02
not yet calculated
CVE-2020-16602
MISC
MISC
MISC
real_time_logic -- barracudadrive
 
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.
2020-09-04
not yet calculated
CVE-2020-23834
MISC
MISC
red_lion -- n-tron_702-w_and_n-tron_702m12-w_devices
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
2020-09-01
not yet calculated
CVE-2020-16208
MISC
FULLDISC
MISC
sagemcom -- f@st_5280_routers
 
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.
2020-09-01
not yet calculated
CVE-2020-24034
MISC
FULLDISC
MISC
MISC
samsung -- multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020).
2020-08-31
not yet calculated
CVE-2020-25054
MISC
senstar -- symphony
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980.
2020-09-01
not yet calculated
CVE-2020-17405
N/A
setelsa -- conacwin
 
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI.
2020-09-03
not yet calculated
CVE-2020-25068
MISC
MISC
MISC
shenzhen_tencent_computer_system -- tencent_app_pc
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
2020-09-03
not yet calculated
CVE-2020-24162
MISC
shenzhen_tencent_computer_system -- tim_windows_client
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
2020-09-03
not yet calculated
CVE-2020-24160
MISC
silverstripe-advancereports -- silverstripe-advancereports
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.
2020-09-03
not yet calculated
CVE-2020-25102
MISC
MISC
sourcecodester -- daily_tracker_system
A SQL injection vulnerability in login in SourceCodester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication with SQL injection via the email parameter.
2020-09-03
not yet calculated
CVE-2020-24193
MISC
MISC
sourcecodester -- stock_management_system
 
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
2020-09-02
not yet calculated
CVE-2020-23830
MISC
MISC
spiceworks -- spiceworks
 
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name entered in the Custom Groups function is vulnerable to stored XSS because it is displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
2020-09-01
not yet calculated
CVE-2020-23450
MISC
MISC
MISC

squid -- squid

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
2020-09-02
not yet calculated
CVE-2020-15811
SUSE
MISC
FEDORA
FEDORA
UBUNTU
DEBIAN
squid -- squid
 
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
2020-09-02
not yet calculated
CVE-2020-15810
SUSE
MISC
FEDORA
FEDORA
UBUNTU
DEBIAN
stmicroelectronics -- stm32f103_devices
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.
2020-08-31
not yet calculated
CVE-2020-13466
MISC
superantispyware -- professional_x_trail
 
SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware.
2020-09-01
not yet calculated
CVE-2020-24955
MISC
MISC
suse -- multiple_products
 
An Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
2020-09-01
not yet calculated
CVE-2020-8023
CONFIRM
suse -- opensuse_open_build_service
 
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there. This issue affects: openSUSE Open Build Service.
2020-09-01
not yet calculated
CVE-2018-12475
CONFIRM
symfony -- symfony
 
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
2020-09-02
not yet calculated
CVE-2020-15094
MISC
CONFIRM
MISC
MISC
teamwire -- teamwire
 
The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component.
2020-09-02
not yet calculated
CVE-2020-12621
MISC
MISC
tenda -- ac18_router
Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could allow remote code execution due to incorrect authentication handling in the vulnerable logincheck() function in the /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius".
2020-09-04
not yet calculated
CVE-2020-24987
MISC
MISC
texas_instruments -- simplelink-cc2640r2-sdk
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).
2020-08-31
not yet calculated
CVE-2020-13593
MISC
MISC
MISC
thomson_and_philips -- tht741fta_and_dtr3502bfta_dvb-t2_devices
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.
2020-08-31
not yet calculated
CVE-2020-11618
MISC
thomson_and_philips -- tht741fta_and_dtr3502bfta_dvb-t2_devices
 
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.
2020-08-31
not yet calculated
CVE-2020-11617
MISC
thomson_reuters -- eikon
 
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
2020-09-03
not yet calculated
CVE-2019-10679
MISC
FULLDISC
MISC
MISC
MISC
tp-link -- tl-wa855re_v5_devices
 
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
2020-08-31
not yet calculated
CVE-2020-24363
MISC
MISC
MISC
trading_technologies_messaging -- trading_technologies_messaging
A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result.
2020-09-02
not yet calculated
CVE-2020-5779
MISC
trading_technologies_messaging -- trading_technologies_messaging
A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe.
2020-09-02
not yet calculated
CVE-2020-5778
MISC
trend_micro -- apex_one
A vulnerability in a Trend Micro Apex One DLL may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2020-09-01
not yet calculated
CVE-2020-24558
MISC
MISC
trend_micro -- apex_one_and_officescan_xg_sp1
A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
2020-09-01
not yet calculated
CVE-2020-24556
MISC
MISC
MISC
trend_micro -- apex_one_on_macos
 
A vulnerability in Trend Micro Apex One on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2020-09-01
not yet calculated
CVE-2020-24559
MISC
MISC
trend_micro -- apex_one_on_microsoft_windows
 
A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
2020-09-01
not yet calculated
CVE-2020-24557
MISC
MISC
trusted_firmware -- mbed_tls
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
2020-09-02
not yet calculated
CVE-2020-16150
MISC
CONFIRM
typo3 -- typo3
The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields).
2020-09-02
not yet calculated
CVE-2020-25025
MISC
CONFIRM
typo3 -- typo3
The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
2020-09-02
not yet calculated
CVE-2020-25026
MISC
CONFIRM
u-root -- u-root
 
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
2020-09-01
not yet calculated
CVE-2020-7669
CONFIRM
CONFIRM
ucms -- ucms
 
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in an information leak via an error message caused by directly accessing the website built by UCMS.
2020-09-04
not yet calculated
CVE-2020-24981
MISC
vmware -- rabbitmq
 
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
2020-08-31
not yet calculated
CVE-2020-5419
CONFIRM

whatsapp -- multiple_products

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.
2020-09-03
not yet calculated
CVE-2020-1891
CONFIRM
whatsapp -- multiple_products
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
2020-09-03
not yet calculated
CVE-2020-1894
CONFIRM
whatsapp -- whatsapp_desktop
 
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
2020-09-03
not yet calculated
CVE-2019-11928
CONFIRM
whatsapp -- whatsapp_desktop
 
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
2020-09-03
not yet calculated
CVE-2020-1889
CONFIRM

whatsapp -- whatsapp_for_android_and_whatsapp_business_for_android

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
2020-09-03
not yet calculated
CVE-2020-1890
CONFIRM

whatsapp -- whatsapp_for_android_and_whatsapp_business_for_android

A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.
2020-09-03
not yet calculated
CVE-2020-1886
CONFIRM
wordpress -- wordpress
lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.
2020-08-31
not yet calculated
CVE-2020-20626
MISC
wordpress -- wordpress
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.
2020-08-31
not yet calculated
CVE-2020-20627
MISC
wordpress -- wordpress
 
The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
2020-09-03
not yet calculated
CVE-2020-24948
MISC
xpdf -- xpdf
 
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
2020-09-03
not yet calculated
CVE-2020-24999
MISC
xpdf -- xpdf
 
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
2020-09-03
not yet calculated
CVE-2020-24996
MISC
xxl-job -- xxl-job
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
2020-09-03
not yet calculated
CVE-2020-23811
MISC
zoho -- manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
2020-09-04
not yet calculated
CVE-2020-14008
MISC
MISC
MISC
zoho -- manageengine_exchange_reporter_plus
 
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
2020-08-31
not yet calculated
CVE-2020-24786
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
zte -- zxiptv_and_zxiptv-web-pv
A ZTE product is impacted by a cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for an account credential enumeration attack or a brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.
2020-09-01
not yet calculated
CVE-2020-6874
MISC
zte -- zxr1-_2800-4_almpufb(low)
 
A ZTE product has a DoS vulnerability. Because the equipment cannot distinguish attack packets from normal packets with valid HTTP links, remote attackers could use this vulnerability to cause a denial of service in the equipment's WEB/TELNET module and leave the equipment unmanageable. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40.
2020-09-01
not yet calculated
CVE-2020-6873
MISC
zyxel -- vmg5313-b30b_router
 
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by insecure permissions which allow regular and other users to create new users with elevated privileges. This is done by changing the "FirstIndex" field in the JSON that is POST-ed during account creation. Something similar may also be possible with account deletion.
2020-09-02
not yet calculated
CVE-2020-24355
MISC
MISC
MISC
