Vulnerability Summary for the Week of July 6, 2020

Original release date: July 13, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1. 2020-07-03 7.5 CVE-2020-14172
MISC
gog — galaxy_client
 
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks. 2020-07-05 9.3 CVE-2020-15529
MISC
gog — galaxy_client
 
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks. 2020-07-05 9.3 CVE-2020-15528
MISC
google — android
 
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020). 2020-07-07 7.1 CVE-2020-15584
CONFIRM
mobileiron — core_and_connector
 
An authentication bypass vulnerability in MobileIron Core and Connector versions 10.6 and earlier allows remote attackers to bypass authentication mechanisms via unspecified vectors. 2020-07-07 7.5 CVE-2020-15506
MISC
mobileiron — core_and_connector
 
A remote code execution vulnerability in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors. 2020-07-07 7.5 CVE-2020-15505
MISC
mozilla — firefox
 
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. 2020-07-09 7.6 CVE-2020-12422
MISC
MISC
mozilla — firefox
 
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77. 2020-07-09 9.3 CVE-2020-12411
MISC
MISC
mozilla — firefox
 
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. 2020-07-09 9.3 CVE-2020-12416
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 9.3 CVE-2020-12406
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 9.3 CVE-2020-12410
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 9.3 CVE-2020-12420
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 9.3 CVE-2020-12419
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 9.3 CVE-2020-12417
MISC
MISC
MISC
MISC
phpzag — phpzag
 
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql 2020-07-07 7.5 CVE-2020-8519
MLIST
MISC
MISC
phpzag — phpzag
 
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql 2020-07-07 7.5 CVE-2020-8520
MLIST
MISC
MISC
phpzag — phpzag
 
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql 2020-07-07 7.5 CVE-2020-8521
MLIST
MISC
MISC
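The three phpzag entries above describe the classic DataTables server-side-processing mistake: the search, order/column and start/length request parameters are spliced straight into the SQL text. The following Python/sqlite3 snippet is an added illustration of that flaw class beside its hardened form; it is not phpzag's Records.php, and the table, rows and column names are constructed for the example.

```python
import sqlite3

# Constructed sample table standing in for the records a DataTables page lists;
# not the phpzag schema.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.com", "admin"),
    (2, "bob", "bob@example.com", "user"),
    (3, "carol", "carol@example.com", "user"),
]

# Whitelists: untrusted "column"/"order" values are mapped onto fixed SQL
# fragments, because identifiers and keywords cannot be bound as parameters.
SORTABLE_COLUMNS = {"id": "id", "name": "name", "email": "email"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER, name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def fetch_records_vulnerable(conn, search, column, order, start, length):
    # Every DataTables parameter is interpolated into the query string, the
    # pattern behind CVE-2020-8519/8520/8521 (search, order/column, start/length).
    sql = (
        "SELECT id, name, email FROM records "
        f"WHERE name LIKE '%{search}%' "
        f"ORDER BY {column} {order} "
        f"LIMIT {length} OFFSET {start}"
    )
    return conn.execute(sql).fetchall()


def fetch_records_fixed(conn, search, column, order, start, length):
    # search/start/length are bound as parameters; column/order go through the
    # whitelists, and anything unknown is rejected rather than "sanitised".
    try:
        col_sql = SORTABLE_COLUMNS[column]
        dir_sql = SORT_DIRECTIONS[order.lower()]
    except KeyError:
        raise ValueError("unsupported sort column or direction")
    start, length = int(start), int(length)
    if start < 0 or not 0 < length <= 100:
        raise ValueError("paging parameters out of range")
    sql = (
        "SELECT id, name, email FROM records "
        "WHERE name LIKE ? "
        f"ORDER BY {col_sql} {dir_sql} "
        "LIMIT ? OFFSET ?"
    )
    return conn.execute(sql, (f"%{search}%", length, start)).fetchall()


def demo():
    # Constructed payloads: a search value that closes the LIKE literal and
    # appends its own condition, and a sort column that is a correlated subquery
    # (a boolean oracle through ORDER BY). The fixed function neutralises both.
    conn = make_db()
    search_payload = "zzz%' OR role='admin' OR '%"
    order_payload = "(SELECT CASE WHEN role='admin' THEN 0 ELSE 1 END)"
    leaked = fetch_records_vulnerable(conn, search_payload, "name", "ASC", 0, 10)
    ordered = fetch_records_vulnerable(conn, "", order_payload, "ASC", 0, 10)
    safe = fetch_records_fixed(conn, search_payload, "name", "asc", 0, 10)
    return leaked, ordered[0][1], safe
```

Run demo(): the vulnerable query returns only the admin row for a search string that matches no name, the injected ORDER BY subquery floats the admin row to the top, and the fixed query returns nothing for the same search string. The ORDER BY case is the one most often left unfixed, because a column name cannot be passed as a bound parameter; the whitelist is the only correct answer there.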
solarwinds — serv-u_ftp_server

SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. 2020-07-05 7.5 CVE-2020-15541
MISC
we-com — opendata_cms
 
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. 2020-07-05 7.5 CVE-2020-15540
MISC
MISC
webchess — webchess
 
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. 2020-07-07 7.5 CVE-2019-20896
CONFIRM


 

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-06 6.8 CVE-2019-8249
CONFIRM
adobe — acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-06 6.8 CVE-2019-8250
CONFIRM
adobe — acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. 2020-07-06 4.3 CVE-2019-8251
CONFIRM
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. 2020-07-03 4.4 CVE-2019-20419
MISC
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. 2020-07-03 4 CVE-2019-20418
N/A
electron — electron
 
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using “contextIsolation” are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. 2020-07-07 4 CVE-2020-15096
CONFIRM
MISC
huawei — hisuite
 
HiSuite versions earlier than 10.1.0.500 have a DLL hijacking vulnerability. The vulnerability exists because HiSuite loads a DLL file improperly, which allows an attacker to have a DLL file of the attacker's choosing loaded instead. 2020-07-06 4.4 CVE-2020-9100
MISC
huawei — mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) has a use-after-free vulnerability. Under certain conditions the system references memory after it has been freed. The attacker must trick the user into running a crafted application with high privilege; successful exploitation could lead to code execution. 2020-07-06 6.8 CVE-2020-9262
MISC
huawei — mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) has a type confusion vulnerability. The system does not properly check and convert the type of a certain variable. The attacker must trick the user into installing and then running a crafted application; successful exploitation could lead to code execution. 2020-07-06 6.8 CVE-2020-9261
MISC
huawei — p30_smartphones
 
HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) has an improper signature verification vulnerability. The system does not properly check the signature of a specific software package, so an attacker may exploit this vulnerability to load a crafted software package onto the device. 2020-07-06 4.3 CVE-2020-9226
MISC
milkytracker — playergeneric
 
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. 2020-07-06 4.3 CVE-2020-15569
MISC
mobileiron — core_and_connector
 
An arbitrary file reading vulnerability in MobileIron Core and Connector versions 10.6 and earlier allows remote attackers to read files on the system via unspecified vectors. 2020-07-07 5 CVE-2020-15507
MISC
mods_for_hesk — mods_for_hesk

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. 2020-07-09 4.3 CVE-2020-13992
MISC
mozilla — firefox
 
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12424
MISC
MISC
mozilla — firefox
 
When “%2F” was present in a manifest URL, Firefox’s AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12415
MISC
MISC
mozilla — firefox
 
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12425
MISC
MISC
mozilla — firefox
 
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as ‘1’, and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. 2020-07-09 4.3 CVE-2020-12412
MISC
MISC
mozilla — firefox
 
When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of as an encoded URL. This vulnerability affects Firefox < 77. 2020-07-09 6.8 CVE-2020-12409
MISC
MISC
mozilla — firefox
 
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. 2020-07-09 4.3 CVE-2020-12402
MISC
MISC
mozilla — firefox
 
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. 2020-07-09 4.3 CVE-2020-12408
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 4.3 CVE-2020-12418
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. 2020-07-09 6.8 CVE-2018-12371
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. 2020-07-09 4.3 CVE-2020-12421
MISC
MISC
MISC
MISC

mozilla — firefox_and_firefox_esr_and_thunderbird

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 4.3 CVE-2020-12399
MISC
MISC
MISC
MISC
mozilla — firefox_for_ios
 
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can’t call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26. 2020-07-09 4.3 CVE-2020-12404
MISC
MISC
mozilla — firefox_for_ios
 
IndexedDB should be cleared when leaving private browsing mode, but it was not: the WKWebViewConfiguration API was being used incorrectly, and it requires that the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. 2020-07-09 4.3 CVE-2020-12414
MISC
MISC
parallax — jspdf
 
In all versions of the package jspdf, it is possible to use <<script>script> in order to bypass the filtering regex. 2020-07-06 4.3 CVE-2020-7691
MISC
MISC
MISC
MISC
MISC
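This is the standard single-pass sanitiser bypass: removing one `<script>` from `<<script>script>` leaves a fresh `<script>` behind. The Python snippet below is an added illustration of the failure and of two fixes (iterate to a fixed point, or encode instead of filter); it is not jsPDF's code, and the regex it uses is assumed for the example.

```python
import html
import re

# Assumed filter: a tag-removal regex of the kind a "strip <script>" sanitiser uses.
SCRIPT_TAG = re.compile(r"<script>", re.IGNORECASE)


def strip_script_once(s: str) -> str:
    # Single pass: the match in "<<script>script>" is deleted and the surrounding
    # characters close up into a brand-new "<script>", which is never re-checked.
    return SCRIPT_TAG.sub("", s)


def strip_script_until_stable(s: str) -> str:
    # Iterate to a fixed point so that fragments reassembled by a deletion are
    # themselves removed; each pass shortens the string, so this terminates.
    while True:
        stripped = SCRIPT_TAG.sub("", s)
        if stripped == s:
            return s
        s = stripped


def escape_for_html(s: str) -> str:
    # The robust fix: encode instead of filter. No angle bracket survives, so no
    # nesting trick can produce markup.
    return html.escape(s, quote=True)


def demo():
    payload = "<<script>script>alert(1)</script>"  # constructed bypass string
    return (
        strip_script_once(payload),
        strip_script_until_stable(payload),
        escape_for_html(payload),
    )
```

The second function is the minimal repair for a denylist; the third is what a practitioner should reach for, since any denylist has to be right about every way a tag can be spelled, while escaping has to be right about four characters.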
phplist — phplist
 
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. 2020-07-08 6.5 CVE-2020-15072
MISC
CONFIRM
CONFIRM
samsung — multiple_mobile_devices

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020). 2020-07-07 4.3 CVE-2020-15582
CONFIRM
samsung — multiple_mobile_devices

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020). 2020-07-07 5 CVE-2020-15579
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). 2020-07-07 5 CVE-2020-15581
CONFIRM
victor_cms — victor_cms
 
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. 2020-07-07 4.3 CVE-2020-15599
CONFIRM
whoopsie — whoopsie
 
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. 2020-07-06 4.3 CVE-2020-15570
MISC
MISC
MISC
MISC
wireshark — wireshark
 
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. 2020-07-05 5 CVE-2020-15466
MISC
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. 2020-07-05 4.3 CVE-2020-15535
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. 2020-07-05 4.3 CVE-2020-15537
MISC
MISC


 

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
atlassian — jira_server_and_data_center
 
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. 2020-07-03 3.5 CVE-2020-14173
MISC
huawei — mate_30_pro_smartphones
 
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) has an improper authentication vulnerability. The device does not sufficiently validate certain credentials of the user's face; an attacker could craft the user's credential, and successful exploitation could allow the attacker to pass authentication with the crafted credential. 2020-07-06 1.9 CVE-2020-1838
MISC
huawei — mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) has a race condition vulnerability. There is a timing window in which certain pointer members can be modified by another process running concurrently. The attacker must trick the user into running a crafted application with high privilege; successful exploitation could lead to code execution. 2020-07-06 3.7 CVE-2020-1839
MISC
huawei — p30_smartphones
 
HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. The default configuration of a certain function in the system is insecure; an attacker must set up a crafted Wi-Fi hotspot to launch the attack. Successful exploitation could cause information disclosure. 2020-07-06 2.9 CVE-2020-1836
MISC
mozilla — firefox
 
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77. 2020-07-09 2.6 CVE-2020-12407
MISC
MISC
mozilla — firefox_and_firefox_esr_and_thunderbird
 
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. 2020-07-09 2.6 CVE-2020-12405
MISC
MISC
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. 2020-07-07 3.5 CVE-2020-15034
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. 2020-07-07 3.5 CVE-2020-15035
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. 2020-07-07 3.5 CVE-2020-15032
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. 2020-07-07 3.5 CVE-2020-15033
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. 2020-07-07 3.5 CVE-2020-15030
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. 2020-07-07 3.5 CVE-2020-15031
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. 2020-07-07 3.5 CVE-2020-15029
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. 2020-07-07 3.5 CVE-2020-15028
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. 2020-07-07 3.5 CVE-2020-15036
MISC
MISC
nedi_consulting — nedi
 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. 2020-07-07 3.5 CVE-2020-15037
MISC
MISC
phplist — phplist
 
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. 2020-07-08 3.5 CVE-2020-15073
MISC
CONFIRM
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020). 2020-07-07 2.1 CVE-2020-15583
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020). 2020-07-07 2.1 CVE-2020-15577
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). 2020-07-07 2.1 CVE-2020-15578
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020). 2020-07-07 2.1 CVE-2020-15580
CONFIRM


 

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-06 not yet calculated CVE-2019-8066
CONFIRM
adobe — acrobat_and_acrobat_reader
 
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. 2020-07-06 not yet calculated CVE-2019-8252
CONFIRM
amazon_web_services — tough
 
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation. 2020-07-09 not yet calculated CVE-2020-15093
MISC
CONFIRM
MISC
MISC
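A TUF threshold check has to count distinct trusted keys, not signature entries; a metadata file that carries the same valid signature twice must still count as signed by one key. The following Python snippet is an added illustration (not tough's code and not the TUF reference implementation) of the vulnerable counting beside the corrected one. It uses HMAC-SHA256 as a stand-in for real signatures, and the key IDs, secrets and metadata body are constructed for the example.

```python
import hashlib
import hmac

# Stand-in for a real signature scheme: one HMAC-SHA256 secret per signer.
# A TUF client would verify Ed25519/RSA signatures here; the counting logic
# that follows is the same.
SIGNER_KEYS = {
    "keyid-a": b"constructed-secret-a",
    "keyid-b": b"constructed-secret-b",
}


def sign(keyid: str, payload: bytes) -> dict:
    mac = hmac.new(SIGNER_KEYS[keyid], payload, hashlib.sha256).hexdigest()
    return {"keyid": keyid, "sig": mac}


def verify_one(keyid: str, sig: str, payload: bytes) -> bool:
    key = SIGNER_KEYS.get(keyid)
    if key is None:
        return False
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


def threshold_met_vulnerable(signed: dict, trusted_keyids: set, threshold: int) -> bool:
    # Counts every valid signature entry, so one signature listed twice is
    # counted twice: the bug class described in CVE-2020-15093 / CVE-2020-6174.
    valid = 0
    for s in signed["signatures"]:
        if s["keyid"] in trusted_keyids and verify_one(s["keyid"], s["sig"], signed["payload"]):
            valid += 1
    return valid >= threshold


def threshold_met_fixed(signed: dict, trusted_keyids: set, threshold: int) -> bool:
    # Counts distinct trusted keys that produced a valid signature. Duplicates
    # collapse into the set, and an untrusted key never contributes.
    valid_keyids = set()
    for s in signed["signatures"]:
        if s["keyid"] in trusted_keyids and verify_one(s["keyid"], s["sig"], signed["payload"]):
            valid_keyids.add(s["keyid"])
    return len(valid_keyids) >= threshold


def demo():
    # Constructed role: two trusted keys, threshold 2. The "forged" metadata is
    # signed once by keyid-a and the same signature is simply repeated.
    payload = b'{"_type": "targets", "version": 7}'
    role = {"keyids": {"keyid-a", "keyid-b"}, "threshold": 2}
    sig_a = sign("keyid-a", payload)
    forged = {"payload": payload, "signatures": [sig_a, dict(sig_a)]}
    return (
        threshold_met_vulnerable(forged, role["keyids"], role["threshold"]),
        threshold_met_fixed(forged, role["keyids"], role["threshold"]),
    )
```

The defensive pattern generalises to any "k of n" scheme: the unit being counted must be the identity of the signer, and an entry whose key ID is not in the role's key set is ignored before it is ever verified.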
apache — camel
 
Apache Camel templating components are affected by Server-Side Template Injection and arbitrary file disclosure. 2020-07-08 not yet calculated CVE-2020-11994
MISC

atlassian — bitbucket_server

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. 2020-07-09 not yet calculated CVE-2020-14171
MISC
atlassian — bitbucket_server
 
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. 2020-07-09 not yet calculated CVE-2020-14170
MISC
bareos — bareos
 
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director’s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10. 2020-07-10 not yet calculated CVE-2020-11061
MISC
CONFIRM
bareos — bareos
 
Bareos before version 19.2.8 allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client-initiated connections and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself, leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the director's original challenge. This is fixed in version 19.2.8. 2020-07-10 not yet calculated CVE-2020-4042
MISC
CONFIRM
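The replay described above is a challenge-reflection attack on a symmetric challenge-response scheme: the same secret answers challenges in both directions, so a peer that can make the director answer a challenge can feed it the director's own challenge. The following Python simulation is an added example with both sides' messages, not Bareos code, using a constructed secret. The countermeasure it shows (a director refusing to answer a challenge it has itself issued and not yet verified) is one illustrative fix; the page does not state how 19.2.8 resolves the issue.

```python
import base64
import hashlib
import hmac
import os


def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    # CRAM-MD5: HMAC-MD5 over the challenge, keyed with the shared secret.
    return base64.b64encode(hmac.new(secret, challenge, hashlib.md5).digest()).decode()


class Director:
    """Simulated director that both challenges clients and, when it dials out
    to a client, answers the client's challenge with the same shared secret."""

    def __init__(self, secret: bytes, refuse_own_challenges: bool = False):
        self.secret = secret
        self.refuse_own = refuse_own_challenges
        self.outstanding = set()  # challenges issued but not yet verified

    def issue_challenge(self) -> bytes:
        challenge = base64.b64encode(os.urandom(16))
        self.outstanding.add(challenge)
        return challenge

    def verify_client_response(self, challenge: bytes, response: str) -> bool:
        self.outstanding.discard(challenge)
        expected = cram_md5_response(self.secret, challenge)
        return hmac.compare_digest(expected, response)

    def answer_challenge(self, challenge: bytes) -> str:
        # Director-initiated session: the director must prove itself to the client.
        if self.refuse_own and challenge in self.outstanding:
            raise PermissionError("refusing to answer a challenge this director issued")
        return cram_md5_response(self.secret, challenge)


def reflection_attack(director: Director) -> bool:
    """Returns True if the attacker authenticates without the shared secret."""
    # Session 1: attacker connects as a client; the director challenges it.
    challenge = director.issue_challenge()
    # Session 2: the director connects back to the "client". The attacker sends
    # the director's own challenge and harvests the director's answer.
    try:
        reflected = director.answer_challenge(challenge)
    except PermissionError:
        return False
    # Session 1 again: the harvested answer is submitted as the client's proof.
    return director.verify_client_response(challenge, reflected)


def demo():
    return (
        reflection_attack(Director(b"constructed-shared-secret")),
        reflection_attack(Director(b"constructed-shared-secret", refuse_own_challenges=True)),
    )
```

Tracking outstanding challenges closes this particular reflection, but the more general fix for any mutual challenge-response design is to bind the proof to the direction (distinct secrets or a direction tag mixed into the MAC input), so that an answer the director produces as a prover can never be a valid answer from a client.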
boiteasite — cmsuno
 
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. 2020-07-07 not yet calculated CVE-2020-15600
CONFIRM
checkpoint — zonealarm_firewall_and_antivirus

ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. 2020-07-06 not yet calculated CVE-2020-6013
MISC
citrix — application_delivery_controller_and_gateway

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. 2020-07-10 not yet calculated CVE-2020-8197
MISC
citrix — application_delivery_controller_and_gateway

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. 2020-07-10 not yet calculated CVE-2020-8190
MISC
citrix — application_delivery_controller_and_gateway
 
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. 2020-07-10 not yet calculated CVE-2020-8187
MISC
citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. 2020-07-10 not yet calculated CVE-2020-8194
MISC
citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. 2020-07-10 not yet calculated CVE-2020-8195
MISC
citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. 2020-07-10 not yet calculated CVE-2020-8196
MISC
citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. 2020-07-10 not yet calculated CVE-2020-8193
MISC
citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). 2020-07-10 not yet calculated CVE-2020-8198
MISC
citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op
 
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). 2020-07-10 not yet calculated CVE-2020-8191
MISC
citrix — gateway_plug-in_for_linux

Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. 2020-07-10 not yet calculated CVE-2020-8199
MISC
code42_software — code42
 
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection. 2020-07-07 not yet calculated CVE-2020-12736
CONFIRM
MISC
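The Code42 entry above and the Apache Camel entry earlier in this section are both server-side template injection: text an operator typed into a field is handed to a template engine as the template rather than substituted into one as data. The following Python snippet is an added illustration using str.format() as the injectable engine and string.Template as the safe substitution; it is neither Code42's nor Camel's code, and the Invite class, the SMTP_PASSWORD constant and the attack string are constructed for the example.

```python
import string

# Constructed stand-in for a secret the mail-sending process holds in memory.
SMTP_PASSWORD = "constructed-smtp-secret"


class Invite:
    def __init__(self, name: str, email: str):
        self.name = name
        self.email = email


def render_subject_unsafe(subject_template: str, invite: Invite) -> str:
    # Operator-controlled text is evaluated as a format template. str.format()
    # permits attribute and item access, so a template can walk from the bound
    # object to its class, to a function's __globals__, and out to the secret.
    return subject_template.format(invite=invite)


def render_subject_safe(subject_template: str, invite: Invite) -> str:
    # Operator text is data. Only the fixed placeholders $name and $email are
    # substituted, and string.Template performs no attribute or item access.
    return string.Template(subject_template).safe_substitute(
        name=invite.name, email=invite.email
    )


# Constructed attack string: climbs from the Invite instance to this module's
# globals through the bound __init__ function.
ATTACK_SUBJECT = "{invite.__class__.__init__.__globals__[SMTP_PASSWORD]}"


def demo():
    invite = Invite("alice", "alice@example.com")
    return (
        render_subject_unsafe(ATTACK_SUBJECT, invite),
        render_subject_safe(ATTACK_SUBJECT, invite),
        render_subject_safe("Welcome, $name ($email)", invite),
    )
```

The safe renderer is not "a stricter regex on the subject line": it changes which side of the engine the operator's text sits on. That distinction is the whole fix for SSTI in any engine, whether the untrusted text is an e-mail subject or a Camel route's template body.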
d-link — dir-610_devices

** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-07-09 not yet calculated CVE-2020-9377
MISC
CONFIRM
MISC
d-link — dir-610_devices
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-07-09 not yet calculated CVE-2020-9376
MISC
CONFIRM
MISC
dell — emc_data_protection_advisor
 
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. 2020-07-06 not yet calculated CVE-2020-5352
MISC
dell — emc_idrac9
 
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files. 2020-07-09 not yet calculated CVE-2020-5366
MISC
dell — emc_isilon_onefs_and_emc_powerscale
 
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker with network or local file access could take advantage of insufficiently applied file permissions to gain unauthorized access to files. 2020-07-06 not yet calculated CVE-2020-5371
MISC
dell — emc_powerstore
 
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to the external network. A remote unauthenticated attacker could potentially cause a denial of service via these test interface ports, which are not used at run time. 2020-07-06 not yet calculated CVE-2020-5372
MISC
dell — emc_vxrail Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. 2020-07-06 not yet calculated CVE-2020-5368
MISC

dell — powerprotect_data_manager_and_powerprotect_x400

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. 2020-07-06 not yet calculated CVE-2020-5356
MISC
devcert — devcert
 
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. 2020-07-10 not yet calculated CVE-2020-8186
MISC
django-two-factor-auth — django-two-factor-auth
 
Django Two-Factor Authentication before 1.12 stores the user’s password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you’re using Django’s default database session storage, then users’ passwords are stored in clear text in your database. In the best case, if you’re using Django’s signed cookie session, then users’ passwords are only stored in clear text within their browser’s cookie store. In the common case of using Django’s cache session store, the users’ passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you’re using the database session backend, you’ll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. 
As a workaround, switching Django’s session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading. 2020-07-10 not yet calculated CVE-2020-15105
MISC
MISC
CONFIRM
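The two-step login pattern the entry above describes, as an added Python example that is not django-two-factor-auth's code: a dict-backed session store stands in for Django's database or cache backend, the vulnerable step parks the base64-encoded password in the session between the password and TOTP steps, the fixed step stores only a "password verified" marker, and a scan helper finds sessions still holding a parked password so they can be deleted after an upgrade. The session key name, the user record and the TOTP secret (the RFC 6238 test secret) are constructed assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import struct
import time

PW_KEY = "authentication-password"  # hypothetical session key used by the vulnerable flow below


class SessionStore:
    """Dict-backed stand-in for a server-side session backend (database or cache).
    Rows are stored as base64-encoded JSON: an encoding, not a protection."""

    def __init__(self) -> None:
        self._rows = {}

    def save(self, sid: str, data: dict) -> None:
        self._rows[sid] = base64.b64encode(json.dumps(data).encode()).decode()

    def load(self, sid: str) -> dict:
        return json.loads(base64.b64decode(self._rows[sid]))

    def ids(self) -> list:
        return list(self._rows)


# Constructed user record: a PBKDF2 password hash and a raw TOTP secret.
_SALT = b"example-salt"


def _hash_password(pw: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 50_000).hex()


USERS = {"alice": {"pw_hash": _hash_password("correct horse"),
                   "totp_secret": b"12345678901234567890"}}


def check_password(user: str, pw: str) -> bool:
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(rec["pw_hash"], _hash_password(pw))


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def step1_vulnerable(store: SessionStore, sid: str, user: str, pw: str) -> bool:
    """Pre-1.12 pattern: park the password itself in the session until step 2."""
    if not check_password(user, pw):
        return False
    store.save(sid, {"wizard_user": user, PW_KEY: base64.b64encode(pw.encode()).decode()})
    return True


def step1_fixed(store: SessionStore, sid: str, user: str, pw: str) -> bool:
    """Keep only the fact that the password step passed, never the secret."""
    if not check_password(user, pw):
        return False
    store.save(sid, {"wizard_user": user, "password_ok_at": int(time.time())})
    return True


def step2(store: SessionStore, sid: str, code: str, now: int = None) -> bool:
    data = store.load(sid)
    user = data.get("wizard_user")
    if user is None or not (PW_KEY in data or "password_ok_at" in data):
        return False
    expected = totp(USERS[user]["totp_secret"], now if now is not None else int(time.time()))
    if not hmac.compare_digest(expected, code):
        return False
    store.save(sid, {"user": user})  # login complete: wizard state, and any password, dropped
    return True


def sessions_holding_passwords(store: SessionStore) -> list:
    """Post-upgrade cleanup: sessions that still carry a parked password,
    which the advisory says to delete (and purge from backups and replicas)."""
    return [sid for sid in store.ids() if PW_KEY in store.load(sid)]
```

An abandoned login under the vulnerable flow leaves the password row in the store indefinitely, which is exactly what the scan helper is for; under the fixed flow there is nothing to clean up because the session never held the secret.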
eclipse — jetty
 
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects response1, seeing response2, which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). 2020-07-09 not yet calculated CVE-2019-17638
CONFIRM
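The double-release mechanism described above, replayed in an added Python model that is not Jetty's ByteBufferPool: a buffer returned twice to a free list is handed out twice, so the handler for one client overwrites bytes another client's handler is about to send. The same pool with a double-release check turns the bug into an immediate error at the second release. The header limit, the response bytes and the pool itself are constructed for this example.

```python
import threading


class PoolError(RuntimeError):
    """Raised by the hardened pool when a buffer is returned twice."""


class BufferPool:
    """Fixed-size byte-buffer pool (constructed model, not Jetty's ByteBufferPool).
    With check_double_release=False it behaves like the faulty pool: a second
    release of the same buffer simply appends a second reference to the free list."""

    def __init__(self, capacity: int, check_double_release: bool) -> None:
        self._capacity = capacity
        self._check = check_double_release
        self._free = []          # bytearrays available for acquire()
        self._free_ids = set()   # ids of buffers currently on the free list
        self._lock = threading.Lock()

    def acquire(self) -> bytearray:
        with self._lock:
            if self._free:
                buf = self._free.pop()
                self._free_ids.discard(id(buf))
                return buf
            return bytearray(self._capacity)

    def release(self, buf: bytearray) -> None:
        with self._lock:
            if self._check and id(buf) in self._free_ids:
                raise PoolError("buffer released twice")
            self._free_ids.add(id(buf))
            self._free.append(buf)


MAX_HEADER_BYTES = 64  # constructed limit standing in for the response header budget


def write_response_headers(pool: BufferPool, headers: bytes) -> bytearray:
    """Models the faulty error path: the 'too large' branch returns the buffer
    to the pool, and so does the generic exception handler, so a 431 condition
    releases the same buffer twice."""
    buf = pool.acquire()
    try:
        if len(headers) > len(buf):
            pool.release(buf)                       # release #1
            raise ValueError("431 Request Header Fields Too Large")
        buf[:len(headers)] = headers
        return buf
    except ValueError:
        pool.release(buf)                           # release #2 (the bug)
        raise


def cross_talk(check_double_release: bool) -> dict:
    """Replay the scenario: one oversized response poisons the pool, then two
    unrelated responses acquire buffers and the second overwrites the first."""
    pool = BufferPool(MAX_HEADER_BYTES, check_double_release)
    try:
        write_response_headers(pool, b"X" * (MAX_HEADER_BYTES + 1))
    except ValueError:
        pass
    except PoolError as e:
        return {"detected": str(e)}
    buf1 = pool.acquire()  # handler for client1 (thread1)
    buf2 = pool.acquire()  # handler for client2 (thread2)
    resp1 = b"HTTP/1.1 200 OK\r\nX-Client: client1\r\n\r\n"
    resp2 = b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=client2-secret\r\n\r\n"
    buf1[:len(resp1)] = resp1
    buf2[:len(resp2)] = resp2                # thread2 writes while thread1 still holds buf1
    return {"aliased": buf1 is buf2, "client1_sees": bytes(buf1[:len(resp2)])}
```

The model is sequential on purpose: the race in the real server only decides which client sees whose bytes, while the aliasing itself is fully determined by the second release. An ownership check at release time (or a pool that tracks outstanding buffers) is what converts the silent cross-talk into a loud failure.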
electron — electron
 
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. 2020-07-07 not yet calculated CVE-2020-4077
CONFIRM
MISC
electron — electron
 
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. 2020-07-07 not yet calculated CVE-2020-4076
CONFIRM
MISC
electron — electron
 
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. 2020-07-07 not yet calculated CVE-2020-4075
CONFIRM
MISC
freebsd — freebsd In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. 2020-07-09 not yet calculated CVE-2020-7458
MISC
freebsd — freebsd
 
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution. 2020-07-09 not yet calculated CVE-2020-7457
MISC
geovision — door_access_control_device A buffer overflow exists in the Geovision Door Access Control device family; an unauthenticated remote attacker can execute arbitrary commands. 2020-07-08 not yet calculated CVE-2020-3931
CONFIRM
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. 2020-07-07 not yet calculated CVE-2020-15525
CONFIRM
MISC
MISC
google — openthread_wpantund
 
A memory leak in OpenThread’s wpantund, in versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (e.g. debug environments), can allow an attacker to crash the service (DoS). We recommend updating, or restricting access in your debug environments. 2020-07-07 not yet calculated CVE-2020-8916
CONFIRM
google-oauth-client — google-oauth-client PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. 2020-07-09 not yet calculated CVE-2020-7692
MISC
MISC
MISC
MISC
MISC
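The PKCE mechanism the entry above says is missing, as an added worked example that is not part of this bulletin or of the google-oauth-client library: a client derives a code_verifier and its S256 code_challenge per RFC 7636, and a toy in-memory authorization server (an assumption of this example, not any real endpoint) refuses to redeem an authorization code without the matching verifier. The RFC 7636 Appendix B test vector is used to check the challenge computation.

```python
import base64
import hashlib
import secrets


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43..128 unreserved characters.
    32 random bytes, base64url-encoded without padding, give exactly 43."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))) with '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """In-memory stand-in for the authorization and token endpoints
    (constructed for this example; not any real server's code)."""

    def __init__(self) -> None:
        self._pending = {}  # authorization code -> (code_challenge, method)

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        # The challenge is bound to the code at the moment the code is issued ...
        code = secrets.token_urlsafe(16)
        self._pending[code] = (code_challenge, method)
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        # ... and only the party holding the matching verifier can redeem it.
        entry = self._pending.pop(code, None)  # codes are single-use
        if entry is None:
            return False
        challenge, method = entry
        if method != "S256":
            return False  # 'plain' gives no protection against an observer of the request
        return secrets.compare_digest(make_code_challenge(code_verifier), challenge)


def legitimate_flow(server: AuthorizationServer) -> bool:
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))  # returned via the redirect URI
    return server.token(code, verifier)


def stolen_code_flow(server: AuthorizationServer) -> bool:
    """A malicious app on the device captures the redirect and learns the code,
    but never saw the verifier, which stayed inside the legitimate client."""
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))
    return server.token(code, make_code_verifier())  # attacker's own guess


def replayed_code_flow(server: AuthorizationServer) -> bool:
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))
    server.token(code, verifier)
    return server.token(code, verifier)  # a second redemption must fail
```

In an RFC 8252 native-app flow the verifier never leaves the app process, so an app that merely captures the custom-URI redirect learns the code but cannot exchange it. The `plain` method is rejected here because anyone who can observe the authorization request sees the challenge itself, which in that method is the verifier.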
gossipsub — gossipsub
 
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. 2020-07-07 not yet calculated CVE-2020-12821
MISC
CONFIRM
CONFIRM
MISC
MISC
hcl — appscan_enterprise HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy. 2020-07-07 not yet calculated CVE-2019-4324
CONFIRM
MISC
hcl — appscan_enterprise
 
HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame. 2020-07-07 not yet calculated CVE-2019-4323
MISC
CONFIRM
hibernate — orm
 
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. 2020-07-06 not yet calculated CVE-2019-14900
MISC
hpe — icewall_sso_dfw_and_dgfw
 
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to perform cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess 2020-07-08 not yet calculated CVE-2020-7140
MISC
huawei — changxiang_8_plus
 
ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) has a denial of service vulnerability. The device does not properly handle certain messages from the base station; an attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition. 2020-07-06 not yet calculated CVE-2020-1837
MISC
huawei — multiple_products
 
The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to insufficient verification of the packets, successful exploit could allow the attacker to cause a buffer overflow and an infinite loop, leading to a DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. 2020-07-08 not yet calculated CVE-2019-19415
CONFIRM
huawei — multiple_products
 
The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to insufficient verification of the packets, successful exploit could allow the attacker to cause a buffer overflow and an infinite loop, leading to a DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. 2020-07-08 not yet calculated CVE-2019-19416
CONFIRM
huawei — multiple_products
 
The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to insufficient verification of the packets, successful exploit could allow the attacker to cause a buffer overflow and an infinite loop, leading to a DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. 2020-07-08 not yet calculated CVE-2019-19417
CONFIRM
huawei — p30_and_p30_pro_smartphones
 
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. The default configuration of a certain Wi-Fi function in the system is insecure; an attacker would need to craft a Wi-Fi hotspot to launch the attack. Successful exploit could cause information disclosure. 2020-07-10 not yet calculated CVE-2020-9260
MISC
huawei — p30_smartphones HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribute in a module is not set correctly and some verification is missing. Attackers with local access can exploit this vulnerability by injecting a malicious fragment. This may lead to a user information leak. 2020-07-10 not yet calculated CVE-2020-9258
MISC
ibm — guardium_activity_insights
 
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. 2020-07-09 not yet calculated CVE-2020-4173
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. 2020-07-09 not yet calculated CVE-2020-4305
XF
CONFIRM
icehrm — icehrm
 
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-07-10 not yet calculated CVE-2020-6114
MISC
idera — froala_wysiwyg_editor Froala Editor before 3.0.6 allows XSS. 2020-07-07 not yet calculated CVE-2019-19935
MISC
MISC
libslirp — libslirp
 
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. 2020-07-09 not yet calculated CVE-2020-10756
MISC
mavlink — micro_air_vehicle_link_protocol
 
The Micro Air Vehicle Link (MAVLink) protocol version 1.0 has no authentication mechanism (nor authorization), which leads to a variety of attacks including identity spoofing, unauthorized access, PITM (person-in-the-middle) attacks and more. According to the literature, version 2.0 optionally allows message signing, which mitigates this flaw. Another source notes that MAVLink 2.0 only provides a simple authentication scheme based on HMAC, which implies that the flying system as a whole must provision the same symmetric key into every device on the network; consequently, if one device and its symmetric key are compromised, the whole authentication system is no longer reliable. 2020-07-03 not yet calculated CVE-2020-10282
CONFIRM
mavlink — micro_air_vehicle_link_protocol
 
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that by design performs no encryption, in order to improve transfer and reception speed and efficiency. The increasing popularity of the protocol (used across different autopilots) has led to its use over wired and wireless media through insecure communication channels, exposing sensitive information to a remote attacker with the ability to intercept network traffic. 2020-07-03 not yet calculated CVE-2020-10281
CONFIRM
mcafee — mcafee_total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7281
CONFIRM
mcafee — mcafee_total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7282
CONFIRM
mcafee — mcafee_total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. 2020-07-03 not yet calculated CVE-2020-7283
CONFIRM
mcafee — network_security_management Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). 2020-07-03 not yet calculated CVE-2020-7284
MISC
mercari — mercari
 
Android App ‘Mercari’ (Japan version) prior to version 3.52.0 allows a remote attacker, via a man-in-the-middle attack, to execute arbitrary methods of a Java object through the Java Reflection API from JavaScript code running in a WebView. 2020-07-09 not yet calculated CVE-2020-5604
MISC
micro_focus — identity_manager
 
An elevation of privilege and/or unauthorized access vulnerability exists in Micro Focus Identity Manager, affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or unauthorized access. 2020-07-08 not yet calculated CVE-2020-11849
MISC
MISC
mitsubishi_electric — got2000_series_devices TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5599
MISC
MISC
mitsubishi_electric — got2000_series_devices TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may allow a remote attacker to bypass access restrictions and stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5598
MISC
MISC
mitsubishi_electric — got2000_series_devices TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5600
MISC
MISC
mitsubishi_electric — got2000_series_devices
 
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5596
MISC
MISC
mitsubishi_electric — got2000_series_devices
 
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5595
MISC
MISC
mitsubishi_electric — got2000_series_devices
 
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-07-07 not yet calculated CVE-2020-5597
MISC
MISC
mods_for_hesk — mods_for_hesk
 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. 2020-07-09 not yet calculated CVE-2020-13994
MISC
mods_for_hesk — mods_for_hesk
 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. 2020-07-09 not yet calculated CVE-2020-13993
MISC
mozilla — firefox When the Windows DLL “webauthn.dll” was missing from the Operating System, and a malicious one was placed in a folder in the user’s %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. 2020-07-09 not yet calculated CVE-2020-12423
MISC
MISC
mozilla — firefox
 
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. 2020-07-09 not yet calculated CVE-2020-12426
MISC
MISC
mozilla — thunderbird
 
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. 2020-07-09 not yet calculated CVE-2020-12398
MISC
MISC
mx_player — mx_player_for_android
 
MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in “Receive” mode. An attacker can exploit this by connecting to the MX Transfer session as a “sender” and sending a MessageType of “FILE_LIST” with a “name” field containing directory traversal characters (../). This will result in the file being transferred to the victim’s phone, but being saved outside of the intended “/sdcard/MXshare” directory. In some instances, an attacker can achieve remote code execution by writing “.odex” and “.vdex” files in the “oat” directory of the MX Player application. 2020-07-08 not yet calculated CVE-2020-5764
MISC
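A receive-side guard of the kind the MX Transfer "Receive" mode lacked, as an added example rather than MX Player's code: the sender-supplied name from a FILE_LIST message is resolved strictly under the share directory and rejected if it is absolute, contains "..", or escapes the directory after symlink resolution. The share directory and the sample file names are constructed assumptions of this example.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath


class UnsafeFilename(ValueError):
    """Raised for a peer-supplied name that would land outside the share directory."""


def safe_destination(share_dir: str, received_name: str) -> str:
    """Map a file name received from a transfer peer to a path strictly inside
    share_dir. The name is treated as untrusted relative POSIX path data:
    absolute paths, '..' components and names that escape after symlink
    resolution are rejected rather than normalised away."""
    if "\x00" in received_name:
        raise UnsafeFilename(received_name)
    base = Path(share_dir).resolve()
    rel = PurePosixPath(received_name.replace("\\", "/"))  # peers may send either separator
    if rel.is_absolute() or not rel.parts:
        raise UnsafeFilename(received_name)
    if any(part == ".." for part in rel.parts):
        raise UnsafeFilename(received_name)
    dest = base.joinpath(*rel.parts).resolve()
    try:
        dest.relative_to(base)  # must still be under base after resolving symlinks
    except ValueError:
        raise UnsafeFilename(received_name) from None
    return str(dest)


def classify(share_dir: str, names) -> dict:
    """Return {name: 'accepted' | 'rejected'} for a batch of received names."""
    out = {}
    for name in names:
        try:
            safe_destination(share_dir, name)
            out[name] = "accepted"
        except UnsafeFilename:
            out[name] = "rejected"
    return out


def demo() -> dict:
    share = os.path.join(tempfile.gettempdir(), "MXshare_example")  # constructed share directory
    # Constructed FILE_LIST names: one honest, the rest traversal attempts of the
    # shapes a hostile sender would try (relative, absolute, mixed, backslash, empty).
    names = [
        "clips/movie.mp4",
        "../../oat/arm64/base.odex",
        "/data/local/tmp/x",
        "clips/../../x",
        "..\\..\\x",
        "",
    ]
    return {"verdicts": classify(share, names),
            "accepted_path": safe_destination(share, "clips/movie.mp4").replace("\\", "/")}
```

Checking the resolved path against the resolved base is what makes the guard hold even when a subdirectory of the share is a symlink pointing elsewhere; stripping "../" substrings from the name would not.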
nextcloud — nextcloud_contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. 2020-07-10 not yet calculated CVE-2020-8181
MISC
MISC
nordic_semiconductor — android_ble_library_and_dfu_library
 
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). 2020-07-07 not yet calculated CVE-2020-15509
MISC
MISC
MISC
northwestern_university_knight_lab — timelinejs In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document. Some TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised. Version 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is “sanitized” before being added to the DOM. For content intended for simple text display, all markup is stripped. Very few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that those users will automatically begin using the new code. The only exception would be users who have deliberately edited the embed URL to “pin” their timeline to an earlier version of the code. Some users of TimelineJS use it as a part of a WordPress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS. 2020-07-09 not yet calculated CVE-2020-15092
CONFIRM
MISC
npm — cli
 
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like “<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>”. The password value is not redacted and is printed to stdout and also to any generated log files. 2020-07-07 not yet calculated CVE-2020-15095
MISC
MISC
CONFIRM
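Redacting the password component of a registry URL before it is logged, as an added example that is not npm's own code: the function splits the URL authority on its last "@" and rebuilds it with the password masked, and a second helper applies that to every URL found in a log line. The sample log lines and the URL regex are constructed for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

MASK = "***"
# Anything that looks like scheme://... up to whitespace or a quote (constructed for log scanning).
_URL_RE = re.compile(r"""[A-Za-z][A-Za-z0-9+.-]*://[^\s'"<>]+""")


def redact_url_password(url: str) -> str:
    """Mask the password in <protocol>://[<user>[:<password>]@]<hostname>[:<port>]/<path>.
    Splitting the authority on its last '@' keeps an unencoded '@' inside the
    password, and IPv6 literals such as [::1], from confusing the parse."""
    parts = urlsplit(url)
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url  # no userinfo component
    user, colon, _password = userinfo.partition(":")
    if not colon:
        return url  # a bare username carries nothing secret
    return urlunsplit(parts._replace(netloc=f"{user}:{MASK}@{hostport}"))


def redact_line(line: str) -> str:
    """Apply the redaction to every URL embedded in a log line before it is written."""
    return _URL_RE.sub(lambda m: redact_url_password(m.group(0)), line)


def demo() -> dict:
    # Constructed sample lines in the style of verbose npm output.
    lines = [
        "npm http fetch GET 200 https://alice:hunter2@registry.example:8080/left-pad 31ms",
        "npm verb registry https://registry.example/",
        "npm verb git+ssh://git@github.com/org/repo.git",
        "npm http fetch GET 200 http://bob:p@ss@[::1]:4873/pkg 3ms",
    ]
    return {"redacted": [redact_line(line) for line in lines]}
```

The redaction belongs at the logging boundary, not at the call sites that happen to print URLs; a registry credential that reaches stdout also reaches CI job logs and any log shipper attached to them.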
nvidia — jetpack_sdk
 
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. 2020-07-08 not yet calculated CVE-2020-5974
CONFIRM
osquery — osquery
 
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory, then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0. 2020-07-10 not yet calculated CVE-2020-11081
MISC
MISC
MISC
MISC
CONFIRM
palo_alto_networks — pan-os
 
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services. 2020-07-08 not yet calculated CVE-2020-2030
MISC
palo_alto_networks — pan-os
 
An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. This issue does not impact PAN-OS 8.1, PAN-OS 9.0, or Prisma Access services. 2020-07-08 not yet calculated CVE-2020-2031
MISC
palo_alto_networks — pan-os
 
Certain communication between PAN-OS and cloud-delivered services inadvertently uses TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue. 2020-07-08 not yet calculated CVE-2020-1982
MISC
palo_alto_networks — pan-os_globalprotect
 
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability. 2020-07-08 not yet calculated CVE-2020-2034
MISC
parallax — jspdf
 
In all versions of package jspdf, it is possible to inject JavaScript code via the html method. 2020-07-06 not yet calculated CVE-2020-7690
MISC
MISC
MISC
MISC
MISC
MISC
python — python
 
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. 2020-07-04 not yet calculated CVE-2020-15523
MISC
MISC
raonwiz — raonwiz RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded and executed because of a lack of validation of the file extension, which can be used for remote-code-execution attacks. File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows. 2020-07-10 not yet calculated CVE-2020-7814
MISC
realtek — multiple_devices
 
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2’s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. 2020-07-06 not yet calculated CVE-2020-9395
MISC
MISC
MISC
redgate — sql_monitor
 
In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7. 2020-07-09 not yet calculated CVE-2020-15526
CONFIRM
riot — riot
 
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow. 2020-07-07 not yet calculated CVE-2020-15350
MISC
MISC
roundcube — roundcube_webmail
 
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. 2020-07-06 not yet calculated CVE-2020-15562
MISC
MISC
MISC
MISC
DEBIAN
samba — samba
 
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. 2020-07-06 not yet calculated CVE-2020-14303
MISC
CONFIRM
MISC
samba — samba
 
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. 2020-07-07 not yet calculated CVE-2020-10730
MISC
MISC
samba — samba
 
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 2020-07-07 not yet calculated CVE-2020-10745
MISC
MISC
samba — samba
 
A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11, and before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash Samba. 2020-07-06 not yet calculated CVE-2020-10760
MISC
UBUNTU
MISC
shirasagi — shirasagi
 
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2020-07-10 not yet calculated CVE-2020-5607
MISC
MISC
MISC
MISC
MISC
sockjs — sockjs
 
Incorrect handling of an Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. 2020-07-09 not yet calculated CVE-2020-7693
MISC
MISC
MISC
MISC
MISC
MISC
solarwinds — serv-u_ftp_server
 
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. 2020-07-07 not yet calculated CVE-2020-15574
CONFIRM
solarwinds — serv-u_ftp_server
 
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. 2020-07-05 not yet calculated CVE-2020-15542
MISC
solarwinds — serv-u_ftp_server
 
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. 2020-07-07 not yet calculated CVE-2020-15575
CONFIRM
solarwinds — serv-u_ftp_server
 
SolarWinds Serv-U File Server before 15.2.1 has a “Cross-script vulnerability,” aka Case Numbers 00041778 and 00306421. 2020-07-07 not yet calculated CVE-2020-15573
CONFIRM
solarwinds — serv-u_ftp_server
 
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. 2020-07-05 not yet calculated CVE-2020-15543
MISC
solarwinds — serv-u_ftp_server
 
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. 2020-07-07 not yet calculated CVE-2020-15576
CONFIRM
sophos — xg_firewall
 
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. 2020-07-10 not yet calculated CVE-2020-15504
CONFIRM
symantec — endpoint_detection_and_response
 
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. 2020-07-08 not yet calculated CVE-2020-5839
MISC
tableau — tableau_server
 
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. 2020-07-08 not yet calculated CVE-2020-6938
MISC
MISC
telefonica_germany — o2_business_for_android
 
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. 2020-07-07 not yet calculated CVE-2020-11882
MISC
MISC
tobesoft — xplatform
 
XPLATFORM v9.2.260 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows. 2020-07-10 not yet calculated CVE-2020-7815
MISC
MISC
typo3 — typo3
 
The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. 2020-07-07 not yet calculated CVE-2020-15513
MISC
CONFIRM
typo3 — typo3
 
The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. 2020-07-07 not yet calculated CVE-2020-15514
MISC
CONFIRM
typo3 — typo3
 
The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution. 2020-07-07 not yet calculated CVE-2020-15515
MISC
CONFIRM
typo3 — typo3
 
The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. 2020-07-07 not yet calculated CVE-2020-15517
MISC
CONFIRM
typo3 — typo3
 
The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. 2020-07-07 not yet calculated CVE-2020-15516
MISC
CONFIRM
valve — steam_client
 
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks. 2020-07-05 not yet calculated CVE-2020-15530
MISC
veeam — availability_suite_and_backup_and_replication
 
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. 2020-07-03 not yet calculated CVE-2020-15518
MISC
venki — supravizio_bpm
 
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. 2020-07-07 not yet calculated CVE-2020-15367
MISC
MISC
venki — supravizio_bpm
 
A user enumeration flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine whether a username is valid, enabling a brute-force attack with valid usernames. 2020-07-07 not yet calculated CVE-2020-15392
MISC
MISC
vmware — fusion_and_remote_console_for_mac_and_horizon_client_for_mac
 
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. 2020-07-10 not yet calculated CVE-2020-3974
MISC
vmware — velocloud_orchestrator
 
The VeloCloud Orchestrator does not apply correct input validation, which allows for blind SQL injection. A malicious actor with tenant access to VeloCloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged. 2020-07-08 not yet calculated CVE-2020-3973
MISC
we-com — municipality_portal_cms
 
XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. 2020-07-05 not yet calculated CVE-2020-15538
MISC
MISC
we-com — municipality_portal_cms
 
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. 2020-07-05 not yet calculated CVE-2020-15539
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. 2020-07-05 not yet calculated CVE-2020-15536
MISC
MISC
wordpress — wordpress
 
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim’s browser. 2020-07-09 not yet calculated CVE-2020-15299
MISC
xen — xen
 
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests’ dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest’s video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability. 2020-07-07 not yet calculated CVE-2020-15563
MLIST
MISC
xen — xen
 
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. 2020-07-07 not yet calculated CVE-2020-15564
MLIST
MISC
xen — xen
 
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen’s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. 2020-07-07 not yet calculated CVE-2020-15565
MLIST
MISC
xen — xen
 
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit. 2020-07-07 not yet calculated CVE-2020-15566
MLIST
MISC
xen — xen
 
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable. 2020-07-07 not yet calculated CVE-2020-15567
MLIST
MISC
yubico — libykpiv
 
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. 2020-07-09 not yet calculated CVE-2020-13132
MISC
CONFIRM
yubico — libykpiv
 
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token. 2020-07-09 not yet calculated CVE-2020-13131
MISC
CONFIRM
yubico — yubikey_5_devices
 
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required. 2020-07-09 not yet calculated CVE-2020-15000
CONFIRM
yubico — yubikey_5_nfc_devices
 
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.) 2020-07-09 not yet calculated CVE-2020-15001
CONFIRM