Vulnerability Summary for the Week of July 20, 2020

Original release date: July 27, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — creative_cloud_desktop
 
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 7.5 CVE-2020-9671
CONFIRM
adobe — creative_cloud_desktop
 
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. 2020-07-17 10 CVE-2020-9682
CONFIRM
adobe — creative_cloud_desktop
 
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 7.5 CVE-2020-9670
CONFIRM
adobe — creative_cloud_desktop
 
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 7.5 CVE-2020-9669
CONFIRM
adobe — download_manager Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-17 9.3 CVE-2020-9688
CONFIRM
adobe — magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 7.5 CVE-2020-9664
CONFIRM

apache — airflow

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. 2020-07-17 7.5 CVE-2020-11982
MISC
apache — airflow
 
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. 2020-07-17 7.5 CVE-2020-11981
MISC
blysoft –eyesurfer_bflyinstallerx.ocx
 
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it. 2020-07-17 7.5 CVE-2020-7826
CONFIRM
d-link — dir-816l_devices
 
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. 2020-07-22 7.5 CVE-2020-15893
MISC
MISC
google — android There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262 2020-07-17 7.5 CVE-2020-0230
CONFIRM
google — android In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668 2020-07-17 10 CVE-2020-0225
CONFIRM
google — android There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727 2020-07-17 7.5 CVE-2020-0231
CONFIRM
google — android
 
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838 2020-07-17 10 CVE-2020-0224
CONFIRM
google — android
 
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994 2020-07-17 7.2 CVE-2020-0226
CONFIRM
google — android
 
In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775 2020-07-17 7.2 CVE-2020-0122
CONFIRM
google — android
 
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618 2020-07-17 7.2 CVE-2020-0227
CONFIRM
google — chrome
 
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-07-22 9.3 CVE-2020-6513
SUSE
MISC
MISC
GENTOO
google — chrome
 
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6515
SUSE
MISC
MISC
GENTOO
google — chrome
 
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6518
SUSE
MISC
MISC
GENTOO
google — chrome
 
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6524
SUSE
MISC
MISC
GENTOO
google — chrome
 
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6520
SUSE
MISC
MISC
GENTOO
grandstream — gwn7000_series_devices
 
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system’s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. 2020-07-17 9 CVE-2020-5756
https://www.tenable.com/cve/CVE-2020-5756
CONFIRM
grandstream — ucm6200_series_devices Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted “unset” command. 2020-07-17 10 CVE-2020-5759
https://www.tenable.com/cve/CVE-2020-5759
CONFIRM
grandstream — ucm6200_series_devices
 
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM’s “New” HTTPS API. 2020-07-17 10 CVE-2020-5757
https://www.tenable.com/cve/CVE-2020-5757
CONFIRM
grandstream — ucm6200_series_devices
 
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM’s “Old” HTTPS API. 2020-07-17 9 CVE-2020-5758
https://www.tenable.com/cve/CVE-2020-5758
CONFIRM
hp — nagios-plugins-hpilo HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. 2020-07-17 7.5 CVE-2020-7206
CONFIRM
ibm — verify_gateway IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. 2020-07-22 7.5 CVE-2020-4385
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. 2020-07-17 9 CVE-2020-4464
XF
CONFIRM
MISC
juniper_networks — srx_series_devices
 
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-07-17 7.5 CVE-2020-1654
CONFIRM
kramdown_gem_for_ruby_on_rails — kramdown_gem_for_ruby_on_rails The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=”/etc/passwd”) or unintended embedded Ruby code execution (such as a string that begins with template=”string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. 2020-07-17 7.5 CVE-2020-14001
MISC
CONFIRM
CONFIRM
MISC
CONFIRM
MISC

lua — lua

Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. 2020-07-21 7.5 CVE-2020-15889
MISC
MISC
lua — lua
 
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. 2020-07-21 7.5 CVE-2020-15888
MISC
MISC
MISC
MISC
MISC
MISC
mruby — mruby mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. 2020-07-21 7.5 CVE-2020-15866
MISC
openclinic_ga — openclinic_ga OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries. 2020-07-20 7.5 CVE-2020-14485
MISC
pritunl — pritunl-client
 
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. 2020-07-21 7.5 CVE-2016-7063
MISC
MISC
MISC
python — python
 
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. 2020-07-17 7.5 CVE-2020-15801
MISC
MISC
rollup-plugin-serve — rollup-plugin-serve This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation. 2020-07-17 7.5 CVE-2020-7684
MISC
MISC
tobesoft — miplatform
 
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform. 2020-07-17 10 CVE-2020-7825
CONFIRM
zte — multiple_products
 
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100> 2020-07-20 7.5 CVE-2020-6871
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
360 — total_security In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. 2020-07-21 6.9 CVE-2020-15723
MISC
360 — total_security
 
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. 2020-07-21 6.9 CVE-2020-15722
MISC
360 — total_security
 
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. 2020-07-21 6.9 CVE-2020-15724
MISC
3s_smart_software_solutions — codesys_control
 
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. 2020-07-22 5 CVE-2020-15806
CONFIRM
MISC
MISC
adobe — bridge Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9676
CONFIRM
adobe — bridge Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9675
CONFIRM
adobe — bridge Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9674
CONFIRM
adobe — coldfusion_2016_and_2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 4.4 CVE-2020-9673
CONFIRM
adobe — coldfusion_2016_and_2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 4.4 CVE-2020-9672
CONFIRM
adobe — media_encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-17 6.8 CVE-2020-9650
CONFIRM
MISC
adobe — media_encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-17 6.8 CVE-2020-9646
CONFIRM
MISC
adobe — photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-22 6.8 CVE-2020-9685
CONFIRM
adobe — photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-22 6.8 CVE-2020-9684
CONFIRM
adobe — photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9683
CONFIRM
adobe — photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-22 6.8 CVE-2020-9687
CONFIRM
adobe — prelude Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-22 6.8 CVE-2020-9678
CONFIRM
adobe — prelude Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9677
CONFIRM
adobe — prelude Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-07-22 6.8 CVE-2020-9680
CONFIRM
adobe — reader_mobile Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. 2020-07-22 5 CVE-2020-9663
CONFIRM
amd — radeon_directx_11_driver
 
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). 2020-07-20 6.5 CVE-2020-6103
MISC
amd — radeon_directx_11_driver
 
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). 2020-07-20 6.5 CVE-2020-6102
MISC
MISC
amd — radeon_directx_11_driver
 
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). 2020-07-20 6.5 CVE-2020-6101
MISC
amd — radeon_directx_11_driver
 
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially could be triggered from guest machines running virtualization environments (ie. VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape – as it was demonstrated before (TALOS-2018-0533, TALOS-2018-0568, etc.). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). This vulnerability was triggered from HYPER-V guest using RemoteFX feature leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). 2020-07-20 6.5 CVE-2020-6100
MISC
apache — activemq_artemis In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console’s browser. The XSS payload is triggered in the diagram plugin; queue node and the info section. 2020-07-20 4.3 CVE-2020-13932
MISC
MLIST
apache — airflow An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the “classic” UI. 2020-07-17 4.3 CVE-2020-9485
MISC
apache — airflow
 
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. 2020-07-17 6.5 CVE-2020-11978
MISC
apache — magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-07-22 4.3 CVE-2020-9665
CONFIRM
apache — media_encoder
 
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-07-17 4.3 CVE-2020-9649
CONFIRM
MISC
apache — photoshop_cc_2019_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 4.3 CVE-2020-9686
CONFIRM
apache — prelude
 
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 4.3 CVE-2020-9679
CONFIRM
artica — proxy_community_edition An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. 2020-07-20 5 CVE-2020-15052
MISC
artica — proxy_community_edition
 
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. 2020-07-20 4.3 CVE-2020-15053
MISC
bitwarden — bitwarden_server
 
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). 2020-07-21 5 CVE-2020-15879
MISC
canvas — canvas A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. 2020-07-20 6.8 CVE-2020-8215
MISC

cisco — adaptive_security_appliance_and_firepower_threat_defense_software

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. 2020-07-22 5 CVE-2020-3452
CISCO
clamav — clamav A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 – 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. 2020-07-20 5 CVE-2020-3481
CISCO
GENTOO
d-link — dir-816l_devices An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it’s printed on the webpage. 2020-07-22 4.3 CVE-2020-15895
MISC
MISC
d-link — dir-816l_devices
 
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. 2020-07-22 5 CVE-2020-15894
MISC
MISC
d-link — dsl-7740c_devices D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. 2020-07-22 4.6 CVE-2020-12774
MISC
datools — daviewindy DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. 2020-07-17 6.8 CVE-2020-7818
MISC
CONFIRM
docsify — docsify
 
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page. 2020-07-20 4.3 CVE-2020-7680
MISC
MISC
MISC
MISC
glpi — glpi In glpi before 9.5.1, there is a SQL injection for all usages of “Clone” feature. This has been fixed in 9.5.1. 2020-07-17 4 CVE-2020-15108
MISC
MISC
CONFIRM
gnome — evolution-data-server
 
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a “begin TLS” response, eds reads additional data and evaluates it in a TLS context, aka “response injection.” 2020-07-17 4.3 CVE-2020-14928
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
DEBIAN
gnu — libredwg GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. 2020-07-17 4.3 CVE-2020-15807
MISC
MISC
MISC
golang — go Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. 2020-07-17 4.3 CVE-2020-15586
SUSE
MISC
CONFIRM
CONFIRM
golang — go
 
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. 2020-07-17 5 CVE-2020-14039
SUSE
MISC
CONFIRM
google — android In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 2020-07-17 4.4 CVE-2020-0305
CONFIRM
google — android There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723 2020-07-17 5 CVE-2020-0228
CONFIRM
google — android
 
In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-149995442 2020-07-17 4.6 CVE-2020-0120
CONFIRM
google — chrome Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6505
MISC
MISC
GENTOO
google — chrome
 
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. 2020-07-22 4.3 CVE-2020-6536
SUSE
MISC
MISC
GENTOO
google — chrome
 
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6521
SUSE
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6529
SUSE
MISC
MISC
GENTOO
google — chrome
 
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2020-07-22 6.8 CVE-2020-6509
MISC
MISC
GENTOO
google — chrome
 
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6527
SUSE
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6526
SUSE
MISC
MISC
GENTOO
google — chrome
 
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6531
SUSE
MISC
MISC
GENTOO
google — chrome
 
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6525
SUSE
MISC
MISC
GENTOO
google — chrome
 
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6507
MISC
MISC
GENTOO
google — chrome
 
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6528
SUSE
MISC
MISC
GENTOO
google — chrome
 
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6516
SUSE
MISC
MISC
GENTOO
google — chrome
 
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6510
SUSE
MISC
MISC
GENTOO
google — chrome
 
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6519
SUSE
MISC
MISC
GENTOO
graylog — graylog
 
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the “Allow self-signed certificates” option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog’s authentication mechanism. 2020-07-17 6.8 CVE-2020-15813
MISC
grundfos_pumps_corporation — cim_500_devices Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. 2020-07-17 5 CVE-2020-10605
CONFIRM
hcl — marketing_operations Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. 2020-07-20 5.5 CVE-2020-4125
MISC
hp — mse_msg_gw_application_e-ltu
 
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide. 2020-07-17 5.4 CVE-2019-12000
CONFIRM
huawei — honor_10_smartphones
 
Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of service condition. 2020-07-17 4.3 CVE-2020-9255
CONFIRM
huawei — honor_v30_smartphones
 
Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cause information disclosure. 2020-07-17 4.3 CVE-2020-9259
CONFIRM
huawei — mate_30_smartphones
 
Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service. 2020-07-18 4.3 CVE-2020-9256
CONFIRM
huawei — moana-al00b_smartphones Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions. 2020-07-17 4.3 CVE-2020-9227
CONFIRM
huawei — p30_pro_smartphones
 
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. 2020-07-17 6.8 CVE-2020-9254
CONFIRM
huawei — p30_pro_smartphones
 
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. 2020-07-17 6.8 CVE-2020-9257
CONFIRM
ibm — mq_for_hpe_nonstop
 
IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563. 2020-07-20 4 CVE-2020-4466
XF
CONFIRM
ibm — planning_analytics IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. 2020-07-20 4 CVE-2020-4361
XF
CONFIRM
ibm — planning_analytics
 
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631. 2020-07-20 4.3 CVE-2020-4527
XF
CONFIRM
ibm — verify_gateway IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. 2020-07-22 5 CVE-2020-4400
XF
CONFIRM
ibm — verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. 2020-07-22 4.3 CVE-2020-4397
XF
CONFIRM
ibm — verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. 2020-07-22 4 CVE-2020-4399
XF
CONFIRM
intranda — goobi_viewer_core
 
In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, eg. tomcat, but can potentially lead to the disclosure of sensitive information. The vulnerability has been fixed in version 4.8.3 2020-07-22 4 CVE-2020-15124
MISC
CONFIRM
jalios — jcms jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. 2020-07-17 4.3 CVE-2020-15497
MISC
MISC
MISC
MISC
juniper_networks — junos_os An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affect Junos OS prior to 16.1R1. This issue affects IPv4 and IPv6 traffic. 2020-07-17 5 CVE-2020-1640
MISC
juniper_networks — junos_os
 
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing]. The number of mbufs is platform dependent. The following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform: user@host> show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart. This issue affects Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Versions of Junos OS prior to 17.4R1 are unaffected by this vulnerability. 2020-07-17 5 CVE-2020-1653
CONFIRM
juniper_networks — junos_os
 
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing “URL Filtering service”, may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw—- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2. 2020-07-17 6.8 CVE-2020-1645
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. 2020-07-17 5 CVE-2020-1648
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved
 
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1. 2020-07-17 5 CVE-2020-1644
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved
 
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected. 2020-07-17 4.3 CVE-2020-1646
CONFIRM
juniper_networks — mx_series_devices On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.); 17.4R3; 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8; 18.2R3, 18.2R3-S1, 18.2R3-S2; 18.3R2 and the SRs based on 18.3R2; 18.4R2 and the SRs based on 18.4R2; 19.1R1 and the SRs based on 19.1R1; 19.2R1 and the SRs based on 19.2R1; 19.3R1 and the SRs based on 19.3R1. 2020-07-17 5 CVE-2020-1650
CONFIRM
juniper_networks — mx_series_devices
 
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error – Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response – Chunk Address 0x0 [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error – Command 11, Reorder ID 1838, QID 0 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 – Chunk Address: 0x4321f3 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 – Chunk Address: 0x0 [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability. 2020-07-17 5 CVE-2020-1655
CONFIRM
MISC
juniper_networks — mx_series_devices
 
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error – Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response – Chunk Address 0x0 [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error – Command 11, Reorder ID 1960, QID 0 [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 – Chunk Address: 0xc38fb1 [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability. 2020-07-17 5 CVE-2020-1649
CONFIRM
MISC
juniper_networks — srx_series_devices
 
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-07-17 6.8 CVE-2020-1647
CONFIRM
jupyterhub-kubespawner — jupyterhub-kubespawner In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12. 2020-07-17 5.5 CVE-2020-15110
CONFIRM
CONFIRM
librenms — librenms
 
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of “‘guard’ => ‘admin'” instead of “‘middleware’ => [‘can:admin’]” in routes/web.php. 2020-07-21 6.5 CVE-2020-15877
MISC
MISC
MISC
MISC
MISC
MISC
librenms — librenms
 
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. 2020-07-21 4 CVE-2020-15873
MISC
MISC
MISC
MISC
MISC
liferay — liferay_portal_and_liferay_dxp Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. 2020-07-20 6.8 CVE-2020-15842
MISC
MISC
liferay — liferay_portal_and_liferay_dxp
 
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server’s password via the Test LDAP Connection feature. 2020-07-20 4.3 CVE-2020-15841
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. 2020-07-20 4.6 CVE-2020-15852
MLIST
MISC
MISC
MISC
luajit — luajit LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. 2020-07-21 5 CVE-2020-15890
MISC
mida_solutions — eframework A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. 2020-07-24 4.3 CVE-2020-15919
MISC
openclinic_ga — openclinic_ga OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. 2020-07-20 5 CVE-2020-14494
MISC
openclinic_ga — openclinic_ga OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. 2020-07-20 5 CVE-2020-14484
MISC
openclinic_ga — openclinic_ga
 
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. 2020-07-20 4 CVE-2020-14491
MISC
otrs — open_ticket_request_system_and_open_ticket_request_system_community_edition
 
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. 2020-07-20 4 CVE-2020-1776
CONFIRM
prestashop — dashboard_productions
 
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0. 2020-07-21 4 CVE-2020-15102
MISC
CONFIRM
pritunl — pritunl-client
 
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage 2020-07-21 5 CVE-2016-7064
MISC
MISC
react-native-fast-image —
react-native-fast-image
This affects all versions of package react-native-fast-image. When an image with source={{uri: “…”, headers: { host: “somehost.com”, authorization: “…” }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers. 2020-07-17 5 CVE-2020-7696
MISC
MISC
MISC
rockwell_automation — factorytalk_view_se
 
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. 2020-07-20 5.5 CVE-2020-12028
MISC
MISC
rockwell_automation — factorytalk_view_se
 
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. 2020-07-20 4 CVE-2020-12027
MISC
MISC
rockwell_automation — factorytalk_view_se
 
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. 2020-07-20 6.8 CVE-2020-12029
MISC
MISC
rockwell_automation — factorytalk_view_se
 
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. 2020-07-20 4.6 CVE-2020-12031
MISC
MISC
sails.js — sails.js
 
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. 2020-07-21 5 CVE-2018-21036
MLIST
MISC
MISC
MISC
servey — servey
 
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. 2020-07-20 5 CVE-2020-8214
MISC
sonicwall — netextender_windows_client SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. 2020-07-17 4.6 CVE-2020-5131
CONFIRM
sonicwall — sonicos SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. 2020-07-17 5 CVE-2020-5130
CONFIRM
uppy — uppy
 
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. 2020-07-20 5 CVE-2020-8205
MISC
vereign — collabora_code
 
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim’s browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken. 2020-07-21 4.3 CVE-2020-12432
MISC
MISC
western_digital — wd_discovery
 
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application’s process through library injection by using DYLD environment variables. 2020-07-17 6.5 CVE-2020-15816
MISC
woocommerce — woocommerce Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. 2020-07-23 4.3 CVE-2019-18834
MISC
MISC
MISC
wordpress — wordpress
 
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors. 2020-07-21 4.3 CVE-2020-14063
MISC
MISC
wordpress — wordpress
 
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. 2020-07-17 4.3 CVE-2020-5767
CONFIRM
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. 2020-07-17 4 CVE-2020-5768
CONFIRM
zabbix — zabbix Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. 2020-07-17 4.3 CVE-2020-15803
MISC
zte — multiple_products
 
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. 2020-07-20 4.3 CVE-2020-6872
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — airflow
 
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. 2020-07-17 3.5 CVE-2020-11983
MISC
duo — duoconnect
 
The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined by the contents of the ‘-relay’ argument. If the ‘-relay’ is set to a URL beginning with “http://”, then the browser will initially attempt to load the URL over an insecure HTTP connection, before being immediately redirected to HTTPS (in addition to standard redirect mechanisms, the DNG uses HTTP Strict Transport Security headers to enforce this). After successfully authenticating to a DNG, DuoConnect stores an authentication token in a local system cache, so users do not have to complete this browser-based authentication workflow for every subsequent SSH connection. These tokens are valid for a configurable period of time, which defaults to 8 hours. If a user running DuoConnect already has a valid token, then instead of opening a web browser, DuoConnect directly contacts the DNG, again using the configured ‘-relay’ value, and sends this token, as well as the intended SSH server hostname and port numbers. If the ‘-relay’ argument begins with “http://”, then this request will be sent over an insecure connection, and could be exposed to an attacker who is sniffing the traffic on the same network. The DNG authentication tokens that may be exposed during SSH relay may be used to gain network-level access to the servers and ports protected by that given relay host. The DNG provides network-level access only to the protected SSH servers. It does not interact with the independent SSH authentication and encryption. An attacker cannot use a stolen token on its own to authenticate against a DNG-protected SSH server. 2020-07-20 2.9 CVE-2020-3442
CISCO
google — android
 
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216 2020-07-17 2.1 CVE-2020-0107
CONFIRM
hcl — bigfix_webui
 
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a. 2020-07-17 3.5 CVE-2020-4104
CONFIRM
hcl — campaign
 
“HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field.” 2020-07-17 3.5 CVE-2019-4090
MISC
hcl — marketing_platform
 
“HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. “ 2020-07-17 3.5 CVE-2019-4091
MISC
huawei — mate_20_smartphones
 
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path. 2020-07-17 2.1 CVE-2020-9252
CONFIRM
huawei — multiple_cloudengine_products
 
There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800 2020-07-17 2.1 CVE-2020-9102
CONFIRM
huawei — multiple_products
 
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10 2020-07-18 3.3 CVE-2020-9101
CONFIRM
ibm — verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. 2020-07-22 2.1 CVE-2020-4371
XF
CONFIRM
ibm — verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 2020-07-22 2.1 CVE-2020-4372
XF
CONFIRM
ibm — verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. 2020-07-22 2.1 CVE-2020-4369
XF
CONFIRM
juniper_networks — junos_os
 
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is ” /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: ” with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. 2020-07-17 2.9 CVE-2020-1641
MISC
juniper_networks — junos_os
 
Execution of the “show ospf interface extensive” or “show ospf interface detail” CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the ‘uname -a’ command. For example: ARM (vulnerable): % uname -a | awk ‘{print $NF}’ arm PowerPC (not vulnerable): % uname -a | awk ‘{print $NF}’ powerpc AMD (not vulnerable): % uname -a | awk ‘{print $NF}’ amd64 Intel (not vulnerable): % uname -a | awk ‘{print $NF}’ i386 This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D100; 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D210; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2. 2020-07-17 1.9 CVE-2020-1643
CONFIRM
juniper_networks — mx_series_devices
 
On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1. 2020-07-17 3.3 CVE-2020-1651
CONFIRM
mida_solutions — eframework Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. 2020-07-24 3.5 CVE-2020-15918
MISC
qemu — qemu
 
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data’s address set to the e1000e’s MMIO address. 2020-07-21 2.1 CVE-2020-15859
MISC
MISC
MLIST
teltonika — trb2_r_devices
 
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the ‘URL/ Host / Connection’ form in the ‘DATA TO SERVER’ configuration section. 2020-07-17 3.5 CVE-2020-5769
CONFIRM

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
asus — screenxpertservicec_and_screenxpertupgradeservicemanager
 
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. 2020-07-20 not yet calculated CVE-2020-15009
MISC
CONFIRM
CONFIRM
atlassian — confluence_server_and_data_center
 
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. 2020-07-24 not yet calculated CVE-2020-14175
N/A
bsdiff4 — bsdiff4
 
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. 2020-07-22 not yet calculated CVE-2020-15904
MISC
c-more — hmi_ea9_devices
 
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182. 2020-07-23 not yet calculated CVE-2020-10918
MISC
c-more — hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493. 2020-07-23 not yet calculated CVE-2020-10920
MISC
c-more — hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185. 2020-07-23 not yet calculated CVE-2020-10919
MISC
c-more — hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527. 2020-07-23 not yet calculated CVE-2020-10922
MISC
c-more — hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482. 2020-07-23 not yet calculated CVE-2020-10921
MISC
cauldron_cbang — tar/tarfilereader
 
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. 2020-07-23 not yet calculated CVE-2020-15908
MISC
MISC
citrix — workspace_app_for_windows
 
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. 2020-07-24 not yet calculated CVE-2020-8207
MISC
claws_mail — claws_mail
 
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. 2020-07-23 not yet calculated CVE-2020-15917
MISC
MISC
codecov — codecov
 
In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5q88-cjfq-g2mh) was issued but the fix was incomplete. It only blocked &, and command injection is still possible using backticks instead to bypass the sanitizer. The attack surface is low in this case. Particularly in the standard use of codecov, where the module is used directly in a build pipeline, not built against as a library in another application that may supply malicious input and perform command injection. 2020-07-20 not yet calculated CVE-2020-15123
MISC
MISC
MISC
CONFIRM
MISC
d-link — dap-1520_devices
 
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user. 2020-07-22 not yet calculated CVE-2020-15892
MISC
MISC
d-link — dap-1522_devices
 
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1. 2020-07-22 not yet calculated CVE-2020-15896
MISC
MISC
d-link — dap-1860_devices
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084. 2020-07-23 not yet calculated CVE-2020-15631
MISC
MISC
d-link — dir-842_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. 2020-07-23 not yet calculated CVE-2020-15632
MISC
MISC
d-link — dir-867_and_dir-878_and_dir-882_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. 2020-07-23 not yet calculated CVE-2020-15633
MISC
MISC
devspace — devspace
 
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution. 2020-07-23 not yet calculated CVE-2020-15391
CONFIRM
MISC
embedthis — goahead
 
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit request replay attacks for local requests over HTTP. 2020-07-23 not yet calculated CVE-2020-15688
MISC
espressif — esp-idf_devices
 
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. 2020-07-23 not yet calculated CVE-2020-12638
MISC
MISC
MISC
MISC
fast-http — fast-http
 
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 not yet calculated CVE-2020-7687
MISC
fiber — fiber
 
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to another site, change the authorization header, etc. A possible workaround is to serialize the input before passing it to ctx.Attachment(). 2020-07-20 not yet calculated CVE-2020-15111
MISC
CONFIRM
fortiguard — fortios
 
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. 2020-07-24 not yet calculated CVE-2020-12812
MISC
google — chrome
 
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6512
SUSE
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. 2020-07-22 not yet calculated CVE-2020-6514
SUSE
MISC
MISC
GENTOO
google — chrome
 
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6506
MISC
MISC
GENTOO
google — chrome
 
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6511
SUSE
MISC
MISC
GENTOO
google — chrome
 
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6517
SUSE
MISC
MISC
GENTOO
google — chrome
 
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6534
SUSE
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6522
SUSE
MISC
MISC
GENTOO
google — chrome
 
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6523
SUSE
MISC
MISC
GENTOO
google — chrome
 
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6535
SUSE
MISC
MISC
GENTOO
google — chrome
 
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 2020-07-22 not yet calculated CVE-2020-6530
SUSE
MISC
MISC
GENTOO
google — chrome
 
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6533
SUSE
MISC
MISC
GENTOO
hp — synaptics_vfs75xx_sensors
 
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. 2020-07-22 not yet calculated CVE-2019-18618
MISC
MISC
MISC
CONFIRM
hp — synaptics_wbf_drivers
 
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. 2020-07-22 not yet calculated CVE-2019-18619
MISC
MISC
MISC
CONFIRM
MISC
ibm — filenet_content_manager
 
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227. 2020-07-23 not yet calculated CVE-2020-4447
XF
CONFIRM
inneo — startup_tools
 
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact. 2020-07-23 not yet calculated CVE-2020-15492
MISC
CONFIRM
MISC
MISC
jimp — jimp
 
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image. 2020-07-24 not yet calculated CVE-2020-8175
MISC
kubernetes — kubelet
 
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. 2020-07-23 not yet calculated CVE-2020-8557
CONFIRM
MLIST
kubernetes — kubelet
 
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. 2020-07-22 not yet calculated CVE-2020-8559
MISC
MISC
lenovo — drivers_management
 
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. 2020-07-24 not yet calculated CVE-2020-8317
CONFIRM
lenovo — drivers_management
 
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. 2020-07-24 not yet calculated CVE-2020-8326
CONFIRM
lua — lua
 
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. 2020-07-24 not yet calculated CVE-2020-15945
MISC
MISC
marked-tree — marked-tree
 
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 not yet calculated CVE-2020-7682
MISC
marscode — marscode
 
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 not yet calculated CVE-2020-7681
MISC
mida_solutions — eframework There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. 2020-07-24 not yet calculated CVE-2020-15922
MISC
mida_solutions — eframework Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. 2020-07-24 not yet calculated CVE-2020-15923
MISC
mida_solutions — eframework Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. 2020-07-24 not yet calculated CVE-2020-15921
MISC
mida_solutions — eframework There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. 2020-07-24 not yet calculated CVE-2020-15920
MISC
mida_solutions — eframework
 
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. 2020-07-24 not yet calculated CVE-2020-15924
MISC
mountsensitive — azurefile_and_cephfs
 
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. 2020-07-23 not yet calculated CVE-2019-11252
MISC
munkireport — munkireport
 
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. 2020-07-23 not yet calculated CVE-2020-15886
MISC
MISC
MISC
MISC
munkireport — munkireport
 
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. 2020-07-23 not yet calculated CVE-2020-15881
MISC
MISC
MISC
MISC
munkireport — munkireport
 
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. 2020-07-23 not yet calculated CVE-2020-15887
MISC
MISC
MISC
MISC
munkireport — munkireport
 
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. 2020-07-23 not yet calculated CVE-2020-15885
MISC
MISC
MISC
MISC
munkireport — munkireport
 
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. 2020-07-23 not yet calculated CVE-2020-15884
MISC
MISC
MISC
munkireport — munkireport
 
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported). 2020-07-23 not yet calculated CVE-2020-15883
MISC
MISC
MISC
MISC
munkireport — munkireport
 
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. 2020-07-23 not yet calculated CVE-2020-15882
MISC
MISC
MISC
nagios — nagios_xi Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. 2020-07-22 not yet calculated CVE-2020-15902
MISC
nagios — nagios_xi
 
ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to execute arbitrary commands via cmdsubsys. 2020-07-22 not yet calculated CVE-2020-15901
MISC
napi_get_value_string — napi_get_value_string
 
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. 2020-07-24 not yet calculated CVE-2020-8174
MISC
nec — esmpro_manager
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007. 2020-07-22 not yet calculated CVE-2020-10917
MISC
open_microscopy_environment — omero
 
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. 2020-07-22 not yet calculated CVE-2019-16244
CONFIRM
openbsd — openssh
 
scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of “anomalous argument transfers” because that could “stand a great chance of breaking existing workflows.” 2020-07-24 not yet calculated CVE-2020-15778
MISC
MISC
oracle — mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-07-24 not yet calculated CVE-2020-14725
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive. 2020-07-24 not yet calculated CVE-2020-10600
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. 2020-07-25 not yet calculated CVE-2020-10604
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. 2020-07-24 not yet calculated CVE-2020-10606
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. 2020-07-24 not yet calculated CVE-2020-10608
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. 2020-07-24 not yet calculated CVE-2020-10610
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display. 2020-07-25 not yet calculated CVE-2020-10614
MISC
oslsoft — pi_system
 
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. 2020-07-24 not yet calculated CVE-2020-10602
MISC
overwolf — overwolf
 
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. 2020-07-24 not yet calculated CVE-2020-15932
MISC
palo_alto_networks — avertx_hd838_and_hd438_ip_cameras
 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera’s bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable. 2020-07-23 not yet calculated CVE-2020-11623
MISC
palo_alto_networks — avertx_hd838_and_hd438_ip_cameras
 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there’s no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors. 2020-07-23 not yet calculated CVE-2020-11624
MISC
palo_alto_networks — avertx_hd838_and_hd438_ip_cameras
 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057. 2020-07-23 not yet calculated CVE-2020-11625
MISC
parallels — remote_application_server
 
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm. 2020-07-24 not yet calculated CVE-2020-15860
MISC
MISC
parser-server — parser-server
 
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object. 2020-07-22 not yet calculated CVE-2020-15126
MISC
MISC
CONFIRM
phoenix_contact — plcnext_engineer
 
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. 2020-07-21 not yet calculated CVE-2020-12499
CONFIRM
radare — radare2
 
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it’s required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. 2020-07-20 not yet calculated CVE-2020-15121
MISC
MISC
MISC
CONFIRM
raspberry_tortoise — raspberry_tortoise
 
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function. 2020-07-23 not yet calculated CVE-2020-15477
MISC
MISC
rollup-plugin-server — rollup-plugin-server
 
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. 2020-07-25 not yet calculated CVE-2020-7683
MISC
rollup-plugin-server — rollup-plugin-server
 
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function. 2020-07-25 not yet calculated CVE-2020-7686
MISC
schneider_electric — easergy_builder
 
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access. 2020-07-23 not yet calculated CVE-2020-7514
MISC
schneider_electric — easergy_builder
 
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to decrypt a password. 2020-07-23 not yet calculated CVE-2020-7515
MISC
schneider_electric — easergy_builder
 
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials. 2020-07-23 not yet calculated CVE-2020-7516
MISC
schneider_electric — easergy_builder
 
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. 2020-07-23 not yet calculated CVE-2020-7517
MISC
schneider_electric — easergy_builder
 
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. 2020-07-23 not yet calculated CVE-2020-7519
MISC
schneider_electric — easergy_builder
 
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. 2020-07-23 not yet calculated CVE-2020-7518
MISC
schneider_electric — sesu
 
A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim’s machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker’s possession. A man-in-the-middle attack is then used to complete the exploit. 2020-07-23 not yet calculated CVE-2020-7520
MISC
schneider_electric — triconex_safety_systems
 
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4. 2020-07-23 not yet calculated CVE-2020-7491
MISC
tenda — ac15_ac1900_devices
 
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. 2020-07-23 not yet calculated CVE-2020-15916
MISC
tesla — model_3_vehicles
 
** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue. 2020-07-23 not yet calculated CVE-2020-15912
MISC
MISC
MISC
MISC
torchbox — wagtail
 
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django’s standard form rendering helpers such as form.as_p, any HTML tags used within a form field’s help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django’s documentation, but omitting the |safe filter when outputting the help text. 2020-07-20 not yet calculated CVE-2020-15118
MISC
MISC
MISC
MISC
CONFIRM
ubuntu — ubuntu
 
In Ubuntu’s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. 2020-07-22 not yet calculated CVE-2014-1422
CONFIRM
CONFIRM
wildfly — enterprise_java_beans
 
A vulnerability was found in Wildfly’s Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. 2020-07-24 not yet calculated CVE-2020-14307
CONFIRM
wildfly — enterprise_java_beans
 
A flaw was discovered in Wildfly’s EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. 2020-07-24 not yet calculated CVE-2020-14297
CONFIRM
wind_river — vxworks
 
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. 2020-07-23 not yet calculated CVE-2020-11440
MISC
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.