Vulnerability Summary for the Week of May 4, 2020

Original release date: May 11, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product    Description    Published    CVSS Score    Source & Patch Info
apache — syncope
 
A Server-Side Template Injection vulnerability was discovered in the mail templates of Apache Syncope 2.0.X releases prior to 2.0.15 and 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE). 2020-05-04 7.5 CVE-2020-1961
MISC
apache — syncope
 
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. 2020-05-04 7.5 CVE-2020-1959
MISC
calibre-web — calibre-web
 
Calibre-Web 0.6.6 allows authentication bypass because of the ‘A0Zr98j/3yX R~XHH!jmN]LWX/,?RT’ hardcoded secret key. 2020-05-04 7.5 CVE-2020-12627
MISC

cisco — fire_power_management_center_and_firepower_user_agent

Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. 2020-05-06 7.5 CVE-2020-3318
CISCO
dell — client_platforms
 
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. 2020-05-04 7.2 CVE-2020-5343
MISC
dom4j — dom4j
 
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. 2020-05-01 7.5 CVE-2020-10683
MISC
MISC
CONFIRM
CONFIRM
fonality — trixbox_community_edition
 
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the “asterisk” user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. 2020-05-01 9 CVE-2020-7351
MISC
MISC
google — chrome-launcher
 
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. 2020-05-02 7.5 CVE-2020-7645
MISC
ibm — data_risk_manager

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. 2020-05-07 9 CVE-2020-4428
XF
CONFIRM
ibm — data_risk_manager
 
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. 2020-05-07 10 CVE-2020-4429
XF
CONFIRM
ibm — data_risk_manager
 
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. 2020-05-07 9 CVE-2020-4427
XF
CONFIRM
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. 2020-05-05 7.2 CVE-2020-12659
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. 2020-05-05 7.5 CVE-2020-12654
MLIST
MISC
MISC
MISC
oklok — oklok
 
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. 2020-05-04 7.5 CVE-2020-8790
MISC
roundcube — webmail
 
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. 2020-05-04 7.5 CVE-2020-12641
MISC
MISC
MISC
MISC
roundcube — webmail
 
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. 2020-05-04 7.5 CVE-2020-12640
MISC
MISC
MISC
MISC
rsa — archer
 
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. 2020-05-04 9 CVE-2020-5332
MISC
samsung — multiple_mobile_devices
 
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung’s Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. 2020-05-06 10 CVE-2020-8899
MISC
CONFIRM
CONFIRM
ubiquiti — unifi_cloud_key_devices
 
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). 2020-05-02 7.2 CVE-2020-8157
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product    Description    Published    CVSS Score    Source & Patch Info
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-05-06 6.8 CVE-2020-6076
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-05-06 6.8 CVE-2020-6075
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-05-06 6.8 CVE-2020-6082
MISC
accusoft — imagegear
 
An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-05-06 6.8 CVE-2020-6094
MISC
ayision — ays-wr01_v28k_devices
 
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. 2020-05-05 4.3 CVE-2019-19515
MISC
blueonyx — 5209r
 
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. 2020-05-05 4.3 CVE-2020-5517
MISC
cisco — firepower_management_center
 
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or to access sensitive, browser-based information. 2020-05-06 4.3 CVE-2020-3313
CISCO

cisco — multiple_products

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. 2020-05-06 4 CVE-2020-3329
CISCO
citrix — sharefile_storagezones_controller
 
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer’s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983 but has essentially the same risk. 2020-05-07 5 CVE-2020-8982
CONFIRM
citrix — sharefile_storagezones_controller
 
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer’s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982 but has essentially the same risk. 2020-05-07 5 CVE-2020-8983
CONFIRM
commscope — ruckus_devices
 
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. 2020-05-05 6.8 CVE-2020-8830
MISC
commscope — ruckus_r500_devices
 
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. 2020-05-05 4.3 CVE-2020-8033
MISC
dolibarr — dolibarr
 
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. 2020-05-06 6.5 CVE-2020-12669
MISC
MISC
doorkeeper — doorkeeper
 
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. 2020-05-04 4.3 CVE-2020-10187
MISC
MISC
MISC
MISC
glpi_project — glpi

In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6. 2020-05-05 5.8 CVE-2020-11034
CONFIRM
glpi_project — glpi

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand, uniqid and MD5, which do not provide secure values. This is fixed in version 9.4.6. 2020-05-05 6.4 CVE-2020-11035
CONFIRM
glpi_project — glpi
 
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. 2020-05-05 6.5 CVE-2020-11032
CONFIRM
gnu — mailman
 
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. 2020-05-06 4.3 CVE-2020-12108
CONFIRM
MISC
MLIST
MISC
google — earth_pro
 
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3. 2020-05-04 4.3 CVE-2020-8896
CONFIRM
google — tensorflow
 
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. 2020-05-04 4.3 CVE-2018-21233
MISC
MISC
graphicsmagick — graphicsmagick
 
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. 2020-05-06 5 CVE-2020-12672
MISC
gurbalib — gurbalib
 
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. 2020-05-05 5 CVE-2020-12649
MISC
hcl — connections
 
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. 2020-05-01 5.8 CVE-2019-4209
CONFIRM
ibm — business_process_manager
 
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform sufficient authorization checks. IBM X-Force ID: 181126. 2020-05-06 4 CVE-2020-4446
XF
CONFIRM
ibm — data_risk_manager
 
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. 2020-05-07 4 CVE-2020-4430
XF
CONFIRM
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. 2020-05-04 5.5 CVE-2020-4209
XF
CONFIRM
intelbras — cip_92200_devices
 
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. 2020-05-05 6.8 CVE-2020-8829
MISC
intelbras — rf1200_devices
 
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. 2020-05-05 6.8 CVE-2019-19517
MISC
jenkins — jenkins
 
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. 2020-05-06 4.3 CVE-2020-2186
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-05-06 6.5 CVE-2020-2189
MLIST
CONFIRM
juniper — junos
 
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with ‘world’ readable permission, or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user ‘nobody’, the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with ‘world’ readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access as anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes:

user@device> show system processes | match http
5260 - S 0:00.13 /usr/sbin/httpd-gk -N
5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf

To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have been injected or files accessed. The device administrator can look for these indicators by searching for the string patterns “=*;*&” or “*%3b*&” in /var/log/httpd.log, using the following command:

user@device> show log httpd.log | match "=*;*&|=*%3b*&"

If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following commands:

user@device> show log httpd.log.0.gz | match "=*;*&|=*%3b*&"
user@device> show log httpd.log.1.gz | match "=*;*&|=*%3b*&"

Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. 2020-05-04 6.8 CVE-2020-1631
CONFIRM
lcds — laquis_scada
 
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. 2020-05-04 4.3 CVE-2020-10618
MISC
lcds — laquis_scada
 
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users. 2020-05-04 6.8 CVE-2020-10622
MISC
leptoncms — leptoncms
 
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. 2020-05-07 4.3 CVE-2020-12707
MISC
leptoncms — leptoncms
 
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. 2020-05-07 4.3 CVE-2020-12705
MISC
linux — linux_kernel
 
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. 2020-05-05 4.6 CVE-2020-12653
MLIST
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. 2020-05-05 4.6 CVE-2020-12657
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a “double fetch” vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states “The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power.” 2020-05-05 6.9 CVE-2020-12652
MISC
MISC
MISC
macaron — macaron
 
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. 2020-05-05 5.8 CVE-2020-12666
MISC
MISC
moxa — nport_5150a_devices
 
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect. 2020-05-01 5 CVE-2020-12117
CONFIRM
netgear — multiple_devices
 
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. 2020-05-05 4.6 CVE-2017-18867
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104. 2020-05-05 5.8 CVE-2017-18864
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. 2020-05-05 4.3 CVE-2017-18866
MISC
netgear — r8300_and_r8500_devices
 
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. 2020-05-05 5.2 CVE-2017-18865
MISC
oklok — oklok
 
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. 2020-05-04 5 CVE-2020-10876
MISC
MISC
oklok — oklok
 
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users’ email addresses and lock names. 2020-05-04 5 CVE-2020-8792
MISC
openvpn — openvpn_access_server
 
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable. 2020-05-04 4.3 CVE-2020-11462
MISC
phplist — phplist
 
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. 2020-05-04 4.3 CVE-2020-12639
MISC
MISC
red_hat — jboss_keycloak
 
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. 2020-05-04 6.5 CVE-2020-10686
CONFIRM
report_portal — service-api
 
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import. 2020-05-04 5 CVE-2020-12642
CONFIRM
roundcube — webmail
 
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. 2020-05-04 4.3 CVE-2020-12626
MISC
MISC
MISC
MISC
DEBIAN
roundcube — webmail
 
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. 2020-05-04 4.3 CVE-2020-12625
MISC
MISC
MISC
DEBIAN
rsa — archer
 
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. 2020-05-04 5.8 CVE-2020-5337
MISC
rsa — archer
 
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. 2020-05-04 6.8 CVE-2020-5335
MISC
rsa — archer
 
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. 2020-05-04 4 CVE-2020-5333
MISC
rsa — archer
 
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system. 2020-05-04 5.8 CVE-2020-5336
MISC
rsa — archer
 
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. 2020-05-04 4.3 CVE-2020-5334
MISC
ruby — ruby
 
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. 2020-05-04 5 CVE-2020-10933
CONFIRM
ruckus — r500_devices
 
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. 2020-05-05 5.8 CVE-2020-7983
MISC
samba — samba
 
A use-after-free flaw was found in the way samba AD DC LDAP servers handled the ‘Paged Results’ control when it is combined with the ‘ASQ’ control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. 2020-05-04 5 CVE-2020-10700
CONFIRM
FEDORA
FEDORA
FEDORA
MISC
soteria — soteria
 
A flaw was found in Soteria before 1.0.1: when using EE Security with WildFly Elytron, multiple requests occurring concurrently can cause security identity corruption across concurrent threads, so that a request may be handled using the identity from another request. 2020-05-04 4.9 CVE-2020-1732
CONFIRM
CONFIRM
synology — router_manager
 
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. 2020-05-04 5 CVE-2019-11823
CONFIRM
MISC
teampass — teampass
 
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. 2020-05-04 5.8 CVE-2020-11671
MISC
telegram — telegram_and_telegram desktop
 
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. 2020-05-01 4.3 CVE-2020-12474
MISC
the_league — the_league
 
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions. 2020-05-03 4.3 CVE-2020-12624
MISC
tobesoft — xplatform
 
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows an attacker to cause remote code execution. 2020-05-06 4.4 CVE-2019-19166
MISC
MISC
ulicms — ulicms
 
UliCMS before 2020.2 has XSS during PackageController uninstall. 2020-05-07 4.3 CVE-2020-12703
MISC
ulicms — ulicms
 
UliCMS before 2020.2 has PageController stored XSS. 2020-05-07 4.3 CVE-2020-12704
MISC
wordpress — wordpress
 
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. 2020-05-05 6.5 CVE-2020-12104
MISC
MISC
wordpress — wordpress
 
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. 2020-05-06 4.3 CVE-2020-11727
MISC
MISC
MISC
MISC
zimbra — web_client
 
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2. 2020-05-05 4.3 CVE-2020-11737
CONFIRM
MISC
MISC
Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — syncope
 
It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute JavaScript code from the URL query string. 2020-05-04 3.5 CVE-2019-17557
MISC
avision — ays-wr01_devices
 
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID. 2020-05-05 3.5 CVE-2019-19514
MISC
cisco — firepower_management_center_and_firepower_user_agent
 
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. 2020-05-06 2.1 CVE-2020-3301
CISCO
enhancesoft — osticket
 
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. 2020-05-04 3.5 CVE-2020-12629
MISC
MISC
EXPLOIT-DB
glpi_project — glpi
 
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "<script>alert(1)</script>" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `" onmouseover="alert(document.cookie)` and an empty first name. 2. With this user, create a ticket. 3. As an administrator (or other privileged user) open the created ticket. 4. On the "last update" field, put your mouse on the name of the user. 5. The XSS fires. This is fixed in version 9.4.6. 2020-05-05 3.5 CVE-2020-11036
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. 2020-05-06 3.5 CVE-2020-4384
XF
CONFIRM
ibm — maximo_anywhere
 
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199. 2020-05-06 2.1 CVE-2019-4266
XF
CONFIRM
linux — linux_kernel
 
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. 2020-05-05 2.1 CVE-2020-12655
MISC
MISC
MISC
linux — linux_kernel
 
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. 2020-05-05 2.1 CVE-2020-12656
MISC
linux — linux_kernel
 
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. 2020-05-04 1.9 CVE-2020-12114
MISC
qemu — qemu
 
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. 2020-05-04 2.1 CVE-2020-10717
CONFIRM
MISC
MISC
MISC
requarks.io — wiki.js
 
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) loads the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload, as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81. 2020-05-05 3.5 CVE-2020-11051
MISC
CONFIRM
rsa — archer
 
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. 2020-05-04 2.1 CVE-2020-5331
MISC
simplisafe — ss3_devices
 
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system. 2020-05-02 2.1 CVE-2020-5727
CONFIRM
tp-link — omada_controller
 
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. 2020-05-04 2.1 CVE-2020-12475
MISC
wordpress — wordpress
 
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. 2020-05-05 3.5 CVE-2020-8799
MISC
CONFIRM
Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions — codesys_runtime
 
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2020-05-07 not yet calculated CVE-2020-6081
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. 2020-05-08 not yet calculated CVE-2020-10638
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. 2020-05-08 not yet calculated CVE-2020-12010
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. 2020-05-08 not yet calculated CVE-2020-12002
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. 2020-05-08 not yet calculated CVE-2020-12006
MISC
MISC
MISC
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. 2020-05-08 not yet calculated CVE-2020-12014
MISC
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. 2020-05-08 not yet calculated CVE-2020-12018
MISC
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. 2020-05-08 not yet calculated CVE-2020-12022
MISC
MISC
advantech — webaccess_node
 
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. 2020-05-08 not yet calculated CVE-2020-12026
MISC
MISC
appneta — tcpreplay
 
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. 2020-05-08 not yet calculated CVE-2020-12740
MISC
assa_abloy — yale_wipc-301w_ip_cameras
 
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. 2020-05-07 not yet calculated CVE-2020-10176
MISC
atto — fibrebridge_7500n_devices
 
ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS). 2020-05-07 not yet calculated CVE-2018-5493
MISC
avira — software_updater
 
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to take control of arbitrary files. 2020-05-05 not yet calculated CVE-2020-12463
CONFIRM
barrel_strength_design — sprout_forms
 
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0. 2020-05-07 not yet calculated CVE-2020-11056
MISC
CONFIRM
blaauw — remote_kiln_control
 
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. 2020-05-07 not yet calculated CVE-2019-18866
MISC
blaauw — remote_kiln_control
 
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. 2020-05-07 not yet calculated CVE-2019-18868
MISC
MISC
blaauw — remote_kiln_control
 
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. 2020-05-07 not yet calculated CVE-2019-18869
MISC
blaauw — remote_kiln_control
 
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). 2020-05-07 not yet calculated CVE-2019-18872
MISC
blaauw — remote_kiln_control
 
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. 2020-05-07 not yet calculated CVE-2019-18865
MISC
MISC
blaauw — remote_kiln_control
 
/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. 2020-05-07 not yet calculated CVE-2019-18864
MISC
blaauw — remote_kiln_control
 
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. 2020-05-07 not yet calculated CVE-2019-18867
MISC
blaauw — remote_kiln_control
 
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. 2020-05-07 not yet calculated CVE-2019-18870
MISC
blaauw — remote_kiln_control
 
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. 2020-05-07 not yet calculated CVE-2019-18871
MISC
bookstack — bookstack
 
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other user machines. This most impacts scenarios where untrusted users are given permission to create comments. This has been fixed in 0.29.2. 2020-05-07 not yet calculated CVE-2020-11055
MISC
MISC
CONFIRM
canonical — unity8
 
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1. 2020-05-07 not yet calculated CVE-2015-7946
CONFIRM
cisco — adaptive_security_appliance
 
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device. This malicious response would not have been authenticated by the KDC. A successful attack could allow an attacker to bypass Kerberos authentication. 2020-05-06 not yet calculated CVE-2020-3125
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the ARP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of ARP packets received by the management interface of an affected device. An attacker could exploit this vulnerability by sending a series of unicast ARP packets in a short timeframe that would reach the management interface of an affected device. A successful exploit could allow the attacker to consume resources on an affected device, which would prevent the device from sending internal system keepalives and eventually cause the device to reload, resulting in a denial of service (DoS) condition. 2020-05-06 not yet calculated CVE-2020-3334
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. 2020-05-06 not yet calculated CVE-2020-3259
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only. 2020-05-06 not yet calculated CVE-2020-3191
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device. 2020-05-06 not yet calculated CVE-2020-3254
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device. 2020-05-06 not yet calculated CVE-2020-3196
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2020-05-06 not yet calculated CVE-2020-3305
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2020-05-06 not yet calculated CVE-2020-3303
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. 2020-05-06 not yet calculated CVE-2020-3187
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. 2020-05-06 not yet calculated CVE-2020-3298
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition. 2020-05-06 not yet calculated CVE-2020-3195
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense
 
A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2020-05-06 not yet calculated CVE-2020-3306
CISCO
cisco — content_security_management_appliance
 
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. 2020-05-06 not yet calculated CVE-2020-3178
CISCO
cisco — firepower_1000_series_devices
 
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload. 2020-05-06 not yet calculated CVE-2020-3283
CISCO
cisco — firepower_device_manager_on-box
 
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. 2020-05-06 not yet calculated CVE-2020-3310
CISCO
cisco — firepower_device_manager_on-box
 
A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on, as well as modify, the underlying operating system of an affected device. 2020-05-06 not yet calculated CVE-2020-3309
CISCO
cisco — firepower_management_center
 
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. 2020-05-06 not yet calculated CVE-2020-3302
CISCO
cisco — firepower_management_center
 
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a specific malicious web page. 2020-05-06 not yet calculated CVE-2020-3311
CISCO
cisco — firepower_management_center
 
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. 2020-05-06 not yet calculated CVE-2020-3307
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. 2020-05-06 not yet calculated CVE-2020-3312
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL. The vulnerability is due to a logic error with Snort handling of the connection with the TLS 1.3 policy and URL category configuration. An attacker could exploit this vulnerability by sending crafted TLS 1.3 connections to an affected device. A successful exploit could allow the attacker to bypass the TLS 1.3 policy and access URLs that are outside the affected device and normally would be dropped. 2020-05-06 not yet calculated CVE-2020-3285
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states. 2020-05-06 not yet calculated CVE-2020-3255
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. 2020-05-06 not yet calculated CVE-2020-3308
CISCO

cisco — firepower_threat_defense

A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device. 2020-05-06 not yet calculated CVE-2020-3253
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. 2020-05-06 not yet calculated CVE-2020-3179
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied. 2020-05-06 not yet calculated CVE-2020-3186
CISCO
cisco — firepower_threat_defense
 
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only. 2020-05-06 not yet calculated CVE-2020-3188
CISCO
cisco — firepower_threat_defense
 
A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default. 2020-05-06 not yet calculated CVE-2020-3189
CISCO
cisco — hosted_collaboration_mediation_fulfillment
 
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information. 2020-05-06 not yet calculated CVE-2020-3256
CISCO
cisco — multiple_products
 
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. 2020-05-06 not yet calculated CVE-2020-3315
CISCO
cisco — umbrella
 
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user. 2020-05-06 not yet calculated CVE-2020-3246
CISCO
citrix — sharefile_storagezones_controller
 
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer’s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk. 2020-05-07 not yet calculated CVE-2020-7473
CONFIRM
cososys — endpoint_protector
 
CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. 2020-05-04 not yet calculated CVE-2019-13285
MISC
MISC
dext5 — dext5_upload

Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability which could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. 2020-05-06 not yet calculated CVE-2019-19169
MISC
MISC
dext5 — dext5_upload
 
Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability which could allow a remote attacker to download and execute a remote arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. 2020-05-06 not yet calculated CVE-2019-19168
MISC
MISC
dext5 — dext5_upload
 
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. 2020-05-07 not yet calculated CVE-2019-19164
CONFIRM
CONFIRM
domainmod — domainmod
 
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. 2020-05-08 not yet calculated CVE-2020-12735
MISC
eaton — intelligent_power_manager
 
Incorrect Privilege Assignment vulnerability in Eaton’s Intelligent Power Manager (IPM) v1.67 & prior allows non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations by uploading configurations with incorrect parameters. 2020-05-07 not yet calculated CVE-2020-6652
MISC
eaton — intelligent_power_manager
 
Improper Input Validation in Eaton’s Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. 2020-05-07 not yet calculated CVE-2020-6651
MISC
enlightenment — imlib2
 
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. 2020-05-09 not yet calculated CVE-2020-12761
CONFIRM
f5 — nginx_controller

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket. 2020-05-07 not yet calculated CVE-2020-5895
MISC
f5 — nginx_controller
 
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. 2020-05-07 not yet calculated CVE-2020-5894
MISC
freerdp — freerdp
 
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. 2020-05-07 not yet calculated CVE-2020-11046
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour. 2020-05-07 not yet calculated CVE-2020-11045
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. 2020-05-07 not yet calculated CVE-2020-11042
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. 2020-05-07 not yet calculated CVE-2020-11049
MISC
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. 2020-05-07 not yet calculated CVE-2020-11044
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. 2020-05-07 not yet calculated CVE-2020-11047
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. 2020-05-07 not yet calculated CVE-2020-11048
MISC
MISC
CONFIRM
gira — tks-ip-gateway

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. 2020-05-07 not yet calculated CVE-2020-10795
MISC
gira — tks-ip-gateway
 
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. 2020-05-07 not yet calculated CVE-2020-10794
MISC
gitlab — gitlab_enterprise_edition
 
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. 2020-05-07 not yet calculated CVE-2020-12448
MISC
CONFIRM
glip-project — glpi
 
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on the User itemtype will have access to the full list of users when querying apirest.php/User. The response contains: – All api_tokens, which can be used to perform privilege escalation or read/update/delete data normally not accessible to the current user. – All personal_tokens, which can display another user's planning. Exploiting this vulnerability requires the API to be enabled and a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6. 2020-05-05 not yet calculated CVE-2020-11033
CONFIRM
gnuteca — gnuteca
 
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. 2020-05-09 not yet calculated CVE-2020-12764
CONFIRM
gnuteca — gnuteca
 
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. 2020-05-09 not yet calculated CVE-2020-12766
CONFIRM
grin — grin
 
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. 2020-05-05 not yet calculated CVE-2020-12439
CONFIRM
CONFIRM
CONFIRM
hcl — nomad
 
“If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content.” 2020-05-06 not yet calculated CVE-2020-4092
MISC
hibernate — validator
 
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. 2020-05-06 not yet calculated CVE-2020-10693
CONFIRM
i-net_software — multiple_products
 
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal. 2020-05-07 not yet calculated CVE-2020-11431
MISC
CONFIRM
CONFIRM
CONFIRM
ibm — websphere_application_liberty
 
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another user's identity. IBM X-Force ID: 180084. 2020-05-06 not yet calculated CVE-2020-4421
XF
CONFIRM
imgtech — zoneplayer
 
IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. A File Download vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows an attacker to cause arbitrary code execution. 2020-05-07 not yet calculated CVE-2020-7803
CONFIRM
CONFIRM
infomark — kt_slim_egg_iml500_and_iml250_devices
 
An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. 2020-05-07 not yet calculated CVE-2020-7805
CONFIRM
CONFIRM
iproute2 — iproute2

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. 2020-05-09 not yet calculated CVE-2019-20795
CONFIRM
java-websocket — java-websocket
 
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0. 2020-05-07 not yet calculated CVE-2020-11050
CONFIRM
jenkins — jenkins
 
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate the credentials IDs of credentials stored in Jenkins. 2020-05-06 not yet calculated CVE-2020-2188
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. 2020-05-06 not yet calculated CVE-2020-2183
MLIST
CONFIRM
jenkins — jenkins
 
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. 2020-05-06 not yet calculated CVE-2020-2184
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. 2020-05-06 not yet calculated CVE-2020-2182
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. 2020-05-06 not yet calculated CVE-2020-2181
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. 2020-05-06 not yet calculated CVE-2020-2187
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. 2020-05-06 not yet calculated CVE-2020-2185
MLIST
CONFIRM
json-c — json-c
 
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. 2020-05-09 not yet calculated CVE-2020-12762
CONFIRM
katyshop2 — katyshop2
 
Katyshop2 before 2.12 has multiple stored XSS issues. 2020-05-07 not yet calculated CVE-2020-12683
MISC
MISC
kde — kio-extras
 
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. 2020-05-09 not yet calculated CVE-2020-12755
CONFIRM
ledger — nano_and_s_devices
 
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC. 2020-05-06 not yet calculated CVE-2020-6861
MISC
CONFIRM
libexif — libexif

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. 2020-05-09 not yet calculated CVE-2020-12767
CONFIRM

linux — linux_kernel

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. 2020-05-09 not yet calculated CVE-2020-12769
CONFIRM
CONFIRM
CONFIRM

linux — linux_kernel

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. 2020-05-09 not yet calculated CVE-2020-12770
CONFIRM
CONFIRM
linux — linux_kernel

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. 2020-05-09 not yet calculated CVE-2020-12771
CONFIRM
linux — linux_kernel
 
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace’s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. 2020-05-09 not yet calculated CVE-2019-20794
CONFIRM
CONFIRM
linux — linux_kernel
 
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. 2020-05-08 not yet calculated CVE-2019-14898
MISC
CONFIRM
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. 2020-05-09 not yet calculated CVE-2020-12768
CONFIRM
CONFIRM
linux — linux_kernel
 
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes because the cdev structure pointed to by the inode is invalid (already freed). 2020-05-08 not yet calculated CVE-2020-10690
CONFIRM
maxum_development_corporation — rumpus

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. 2020-05-08 not yet calculated CVE-2020-12737
MISC
MISC
mcafee — active_response_for_linux
 
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7290
CONFIRM
mcafee — active_response_for_mac

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7291
CONFIRM
mcafee — active_response_for_windows
 
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7289
CONFIRM
mcafee — endpoint_security_for_mac
 
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-05-08 not yet calculated CVE-2020-7265
CONFIRM
mcafee — endpoint_security_for_windows
 
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-05-08 not yet calculated CVE-2020-7264
CONFIRM
mcafee — exploit_detection_and_response_for_linux
 
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7287
CONFIRM
mcafee — exploit_detection_and_response_for_mac
 
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7288
CONFIRM
mcafee — exploit_detection_and_response_for_windows
 
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7286
CONFIRM
mcafee — mvision_endpoint
 
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 not yet calculated CVE-2020-7285
CONFIRM
mcafee — virusscan_enterprise_for_linux
 
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-05-08 not yet calculated CVE-2020-7267
CONFIRM
mcafee — virusscan_enterprise_for_windows
 
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-05-08 not yet calculated CVE-2020-7266
CONFIRM
mh_sub_i — vbulletin
 
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. 2020-05-08 not yet calculated CVE-2020-12720
MISC
micro_focus — verastream_host_integrator
 
Information disclosure vulnerability in the Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view. 2020-05-04 not yet calculated CVE-2020-11842
MISC
mitel — shoretel_conference_web_application
 
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php. 2020-05-07 not yet calculated CVE-2020-12679
MISC
mongodb — mongodb_server
 
Improper serialization of internal state in MongoDB Server’s authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior to 4.3.3; 3.6 versions prior to 3.6.18. 2020-05-06 not yet calculated CVE-2020-7921
MISC
network_time_foundation — network_time_protocol
 
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker’s behalf and send them to the attacker. 2020-05-06 not yet calculated CVE-2018-8956
MISC
MISC
MISC
MISC
node-js-libs — curlrequest
 
curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values. 2020-05-07 not yet calculated CVE-2020-7646
MISC
MISC
nvidia — multiple_graphics_cards

A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. 2020-05-08 not yet calculated CVE-2012-0953
MISC
nvidia — multiple_graphics_cards
 
A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53. 2020-05-08 not yet calculated CVE-2012-0952
MISC
oauth2_proxy — oauth2_proxy
 
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user, to prevent malicious actors from providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters the validation could be bypassed, allowing a redirect to any URL provided. This has been patched in 5.1.1. 2020-05-07 not yet calculated CVE-2020-11053
CONFIRM
oklok — oklok
 
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs. 2020-05-04 not yet calculated CVE-2020-8791
MISC
openstack — keystone

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. 2020-05-07 not yet calculated CVE-2020-12691
MLIST
MISC
CONFIRM
MISC
openstack — keystone
 
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. 2020-05-07 not yet calculated CVE-2020-12689
MLIST
MISC
CONFIRM
MISC
openstack — keystone
 
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. 2020-05-07 not yet calculated CVE-2020-12690
MLIST
MISC
CONFIRM
MISC
openstack — keystone
 
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn’t have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. 2020-05-07 not yet calculated CVE-2020-12692
MLIST
MISC
CONFIRM
MISC
php-fusion — php-fusion

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. 2020-05-08 not yet calculated CVE-2020-12718
MISC
php-fusion — php-fusion
 
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. 2020-05-07 not yet calculated CVE-2020-12708
MISC
php-fusion — php-fusion
 
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php. 2020-05-07 not yet calculated CVE-2020-12706
MISC
MISC
MISC
plex — media_server
 
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. 2020-05-08 not yet calculated CVE-2020-5741
MISC
python_packaging_authority — python_package_installer
 
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). 2020-05-08 not yet calculated CVE-2018-20225
MISC
MISC
qutebrowser — qutebrowser
 
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn’t be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. 2020-05-07 not yet calculated CVE-2020-11054
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
red_hat — jboss_keycloak
 
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application. 2020-05-08 not yet calculated CVE-2019-10169
CONFIRM
red_hat — jboss_keycloak
 
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user. 2020-05-08 not yet calculated CVE-2019-10170
CONFIRM

s._siedle_&_soehne — sg_150-0_smart_gateway

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway. 2020-05-07 not yet calculated CVE-2020-9475
MISC
s._siedle_&_soehne — sg_150-0_smart_gateway
 
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway. 2020-05-07 not yet calculated CVE-2020-9474
MISC
sae_it-systems — fw-50_remote_telemetry_unit

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. 2020-05-05 not yet calculated CVE-2020-10630
MISC
sae_it-systems — fw-50_remote_telemetry_unit
 
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. 2020-05-05 not yet calculated CVE-2020-10634
MISC
samba — samba
 
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. 2020-05-06 not yet calculated CVE-2020-10704
CONFIRM
FEDORA
FEDORA
MISC
samsung — multiple_mobile_devices
 
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). 2020-05-08 not yet calculated CVE-2020-6616
MISC
MISC
MISC
CONFIRM
MISC
MISC
serpico_project — serpico
 
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database. 2020-05-07 not yet calculated CVE-2020-12687
MISC
MISC
servicenow — it_service_management
 
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. 2020-05-05 not yet calculated CVE-2019-20768
MISC
MISC
shopizer — shopizer
 
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. 2020-05-08 not yet calculated CVE-2020-11006
MISC
CONFIRM
silver_peak — multiple_products
 
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. 2020-05-05 not yet calculated CVE-2020-12142
CONFIRM
silver_peak — multiple_products
 
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. 2020-05-05 not yet calculated CVE-2020-12143
CONFIRM
silver_peak — multiple_products
 
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. 2020-05-05 not yet calculated CVE-2020-12144
CONFIRM
solarwinds — msp_patch_management_engine
 
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. 2020-05-07 not yet calculated CVE-2020-12608
MISC
FULLDISC
MISC
solarwinds — network_performance_monitor_and_netpath
 
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. 2020-05-04 not yet calculated CVE-2019-12864
MISC
MISC
solis_miolo — solis_miolo

Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. 2020-05-09 not yet calculated CVE-2020-12765
CONFIRM
sorcery_gem_for_ruby_on_rails — sorcery_gem_for_ruby_on_rails
 
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0. 2020-05-07 not yet calculated CVE-2020-11052
MISC
MISC
MISC
CONFIRM
suse — linux_enterprise_server_15_sp1
 
An Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user. This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3. 2020-05-04 not yet calculated CVE-2020-8018
CONFIRM
techsmith — snagit
 
In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. 2020-05-08 not yet calculated CVE-2020-11541
CONFIRM
tecnick — tcexam
 
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. 2020-05-07 not yet calculated CVE-2020-5750
MISC
tecnick — tcexam
 
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. 2020-05-07 not yet calculated CVE-2020-5751
MISC
tecnick — tcexam
 
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. 2020-05-07 not yet calculated CVE-2020-5747
MISC
tecnick — tcexam
 
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. 2020-05-07 not yet calculated CVE-2020-5744
MISC
tecnick — tcexam
 
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. 2020-05-07 not yet calculated CVE-2020-5749
MISC
tecnick — tcexam
 
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. 2020-05-07 not yet calculated CVE-2020-5745
MISC
tecnick — tcexam
 
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don’t have permission. 2020-05-07 not yet calculated CVE-2020-5743
MISC
tecnick — tcexam
 
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. 2020-05-07 not yet calculated CVE-2020-5746
MISC
tecnick — tcexam
 
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. 2020-05-07 not yet calculated CVE-2020-5748
MISC
tobesoft — nexacro
 
Tobesoft Nexacro v2019.9.25.1 and earlier versions have an arbitrary code execution vulnerability by using a method supported by the Nexacro14 ActiveX Control. It allows an attacker to cause remote code execution. 2020-05-06 not yet calculated CVE-2019-19167
MISC
MISC
tobesoft — xplatform
 
Tobesoft Xplatform 9.2.2.250 and earlier versions have an arbitrary code execution vulnerability by using a method supported by the Xplatform ActiveX Control. It allows an attacker to cause remote code execution. 2020-05-06 not yet calculated CVE-2020-7806
MISC
MISC
tp-link — multiple_devices
 
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. 2020-05-04 not yet calculated CVE-2020-12110
MISC
MISC
tp-link — multiple_devices
 
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. 2020-05-04 not yet calculated CVE-2020-12109
MISC
MISC
MISC
tp-link — nc260_and_nc450_devices

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. 2020-05-04 not yet calculated CVE-2020-12111
MISC
MISC
MISC
tp-link — tl-wa855re_devices
 
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. 2020-05-07 not yet calculated CVE-2020-10916
MISC
ubports — ubuntu_touch

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying OAuth tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this to create a malicious click app that collects OAuth tokens for other applications, exposing sensitive information. 2020-05-07 not yet calculated CVE-2014-1423
MISC
MISC
MISC
wavlink — multiple_devices
 
An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116 devices. A crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. 2020-05-07 not yet calculated CVE-2020-10971
MISC
wavlink — multiple_devices
 
An issue was discovered on Wavlink WL-WN579G3 – M79X3.V5030.180719 and WL-WN575A3 – RPT75A3.V4300.180801 devices, affecting a backup feature. A crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. 2020-05-07 not yet calculated CVE-2020-10974
MISC

wavlink — wl-wn530hg4_devices

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. 2020-05-07 not yet calculated CVE-2020-10973
MISC
wavlink — wl-wn530hg4_devices
 
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. A page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). 2020-05-07 not yet calculated CVE-2020-10972
MISC
wordpress — wordpress
 
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. 2020-05-08 not yet calculated CVE-2020-11530
MISC
FULLDISC
MISC
MISC
wordpress — wordpress
 
The iframe plugin before 4.5 for WordPress does not sanitize a URL. 2020-05-07 not yet calculated CVE-2020-12696
MISC
MISC
wso2 — multiple_products
 
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. 2020-05-08 not yet calculated CVE-2020-12719
MISC
zoho — manageengine_data_security_plus
 
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of the admin user. 2020-05-08 not yet calculated CVE-2020-11532
MISC
MISC
zoho — manageengine_data_security_plus
 
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. 2020-05-08 not yet calculated CVE-2020-11531
MISC
MISC
zoho — manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. 2020-05-05 not yet calculated CVE-2020-10859
CONFIRM
zoho — manageengine_opmanager
 
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. 2020-05-07 not yet calculated CVE-2020-12116
MISC
MISC
zoom — zoom_it_installer_for_windows
 
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user. 2020-05-04 not yet calculated CVE-2020-11443
CONFIRM
CONFIRM
CONFIRM
zulip — zulip_desktop
 
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. 2020-05-09 not yet calculated CVE-2020-12637
CONFIRM