Vulnerability Summary for the Week of August 24, 2020

Original release date: August 31, 2020


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
13enforme — 13enforme_cms 13enforme CMS 1.0 has SQL Injection via the ‘content.php’ id parameter. 2020-08-27 7.5 CVE-2020-23979
MISC
cellopoint — cellos Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system. 2020-08-25 9 CVE-2020-17384
MISC
ibm — connect IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578. 2020-08-24 7.2 CVE-2020-4587
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. 2020-08-26 9 CVE-2019-4713
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. 2020-08-26 7.5 CVE-2019-4694
XF
CONFIRM
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501. 2020-08-25 9 CVE-2020-15642
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549. 2020-08-25 9 CVE-2020-15643
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550. 2020-08-25 9 CVE-2020-15644
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553. 2020-08-25 9 CVE-2020-15645
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565. 2020-08-25 9 CVE-2020-17387
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799. 2020-08-25 9 CVE-2020-17388
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502. 2020-08-25 9 CVE-2020-17389
MISC
MISC
moog — exvf5c-2_firmware The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. 2020-08-21 10 CVE-2020-24051
MISC
MISC
moog — exvf5c-2_firmware The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a ‘statusbroadcast’ command that can spawn a given process repeatedly at a certain time interval as ‘root’. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as ‘${IFS}’. As a result, an attacker can execute arbitrary commands as ‘root’ on the units. 2020-08-21 10 CVE-2020-24054
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. 2020-08-21 7.2 CVE-2020-9063
MISC
MISC
MISC
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. 2020-08-21 7.2 CVE-2020-10126
MISC
MISC
nextcloud — nextcloud Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. 2020-08-21 7.1 CVE-2020-8227
MISC
MISC
safe-eval_project — safe-eval This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. 2020-08-21 7.5 CVE-2020-7710
MISC
MISC
sierrawireless — aleos A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. 2020-08-21 9 CVE-2019-11859
MISC
sintef — urx Universal Robots controller executes URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could ‘cook’ a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system. 2020-08-21 7.2 CVE-2020-10290
CONFIRM
softing — opc Softing Industrial Automation, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. 2020-08-25 7.5 CVE-2020-14524
MISC
soluzioneglobale — ecommerce_cms SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter “offerta.php”. 2020-08-27 7.5 CVE-2020-23978
MISC
MISC
verint — 5620ptz_firmware Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable ‘/usr/sbin/DM’ that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication. 2020-08-21 7.5 CVE-2020-24055
MISC
MISC
verint — s5120fd_firmware The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint (‘ipfilter.cgi’) that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as ‘root’. 2020-08-21 9 CVE-2020-24057
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
13enforme — 13enforme_cms 13enforme CMS 1.0 has Cross Site Scripting via the “content.php” id parameter. 2020-08-27 4.3 CVE-2020-23981
MISC
asus — rt-ac1900p_firmware An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. 2020-08-26 4.3 CVE-2020-15499
MISC
cellopoint — cellos Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. 2020-08-25 4 CVE-2020-17386
MISC
cellopoint — cellos Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input, which allows an unauthorized user to launch a path traversal attack and access arbitrary files on the system. 2020-08-25 5 CVE-2020-17385
MISC
cisco — data_center_network_manager A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. 2020-08-26 5.5 CVE-2020-3519
CISCO
cisco — data_center_network_manager A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with a low-privileged account could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to read arbitrary files on the affected system. 2020-08-26 4 CVE-2020-3521
CISCO
cloudfoundry — cf-deployment Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. 2020-08-21 4 CVE-2020-5416
CONFIRM
cloudfoundry — cf-deployment Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components. 2020-08-21 6.5 CVE-2020-5417
CONFIRM
codiad — codiad ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder’s name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.” 2020-08-25 4.3 CVE-2020-14042
MISC
MISC
cogboard — red_discord_bot In Red Discord Bot before version 3.3.11, an RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module’s leaderboard command. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed in version 3.3.11. 2020-08-21 5.5 CVE-2020-15140
MISC
CONFIRM
cogboard — red_discord_bot Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted “going live” messages to inject code into the Streams module’s going live message. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit inaccessible. Updating to 3.3.12 or 3.4 is highly recommended to completely patch this issue. 2020-08-21 6 CVE-2020-15147
MISC
MISC
CONFIRM
cybersolutions — cybermail Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. 2020-08-25 4.3 CVE-2020-5540
MISC
MISC
cybersolutions — cybermail Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. 2020-08-25 5.8 CVE-2020-5541
MISC
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for ‘Name’ in dbhcmstypes.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users. 2020-08-24 4.3 CVE-2020-19880
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of the $_GET['dbhcms_pid'] variable in dbhcmspage.php line 107. 2020-08-24 4.3 CVE-2020-19879
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a sensitive information leak vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information. 2020-08-24 5 CVE-2020-19878
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. 2020-08-24 5 CVE-2020-19877
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has an unauthorized operation vulnerability because there’s no access control at line 175 of dbhcmspage.php for empty cache operation. This vulnerability can be exploited to empty a table. 2020-08-24 4.3 CVE-2020-19888
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has an arbitrary file read vulnerability in dbhcmsmodmod.editor.php: $_GET['file'] is the filename, and as there is no filter function for security, you can read any file’s content. 2020-08-24 4 CVE-2020-19890
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcmsmodmod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymce_content'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. 2020-08-24 6.5 CVE-2020-19891
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by a CSRF for index.php?dbhcms_pid=-70 that can add a user. 2020-08-24 6.8 CVE-2020-19889
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by a CSRF for /index.php?dbhcms_pid=-80&deletemenu=9 that can delete any menu. 2020-08-24 4.3 CVE-2020-19886
MISC
dolibarr — dolibarr Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which “disabled” is changed to “enabled” in the HTML source code. 2020-08-21 4 CVE-2020-14201
CONFIRM
MISC
elementor — elementor_page_builder Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. 2020-08-21 4 CVE-2020-20634
MISC
gog — galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based “trusted client” protection mechanism. 2020-08-21 6.9 CVE-2020-24574
MISC
MISC
MISC
goxmldsig_project — goxmldsig This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. 2020-08-23 5 CVE-2020-7711
MISC
MISC
huawei — fusioncompute FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. 2020-08-21 4 CVE-2020-9246
MISC
ibm — elastic_storage_server IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165. 2020-08-24 4 CVE-2020-4383
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. 2020-08-26 5 CVE-2019-4686
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. 2020-08-26 4 CVE-2019-4697
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. 2020-08-26 4.3 CVE-2019-4688
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. 2020-08-26 4 CVE-2019-4699
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826. 2020-08-26 5 CVE-2019-4689
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. 2020-08-26 5 CVE-2019-4692
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. 2020-08-26 5 CVE-2019-4698
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. 2020-08-26 5 CVE-2019-4701
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. 2020-08-26 5 CVE-2018-1501
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. 2020-08-27 5 CVE-2020-4166
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406. 2020-08-24 4.3 CVE-2020-4170
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. 2020-08-27 4 CVE-2020-4171
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. 2020-08-27 5 CVE-2020-4174
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. 2020-08-27 5 CVE-2020-4169
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. 2020-08-27 5 CVE-2020-4172
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. 2020-08-27 6.5 CVE-2020-4603
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms. IBM X-Force ID: 174403. 2020-08-27 6.4 CVE-2020-4167
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. 2020-08-24 5.8 CVE-2020-4598
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. 2020-08-27 4.3 CVE-2020-4575
XF
CONFIRM
instructure — canvas_learning_management_service Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. 2020-08-21 5 CVE-2020-5775
MISC
isc — bind In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with “--enable-native-pkcs11” * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker. 2020-08-21 4.3 CVE-2020-8623
CONFIRM
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
UBUNTU
DEBIAN
CONFIRM
isc — bind In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, if a server is configured with both QNAME minimization and ‘forward first’ then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that ‘forward only’ are not affected. 2020-08-21 4.3 CVE-2020-8621
CONFIRM
GENTOO
CONFIRM
UBUNTU
CONFIRM
isc — bind In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, an attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. 2020-08-21 5 CVE-2020-8620
CONFIRM
GENTOO
CONFIRM
UBUNTU
CONFIRM
isc — bind In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. 2020-08-21 4 CVE-2020-8622
CONFIRM
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CONFIRM
isc — bind In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker who has been granted privileges to change a specific subset of the zone’s content could abuse these unintended additional privileges to update other contents of the zone. 2020-08-21 4 CVE-2020-8624
CONFIRM
FEDORA
FEDORA
GENTOO
CONFIRM
UBUNTU
DEBIAN
CONFIRM
joomla — joomla! An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. 2020-08-26 5.8 CVE-2020-24598
MISC
joomla — joomla! An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. 2020-08-26 4.3 CVE-2020-24599
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499. 2020-08-25 5 CVE-2020-15641
MISC
MISC
marvell — qconvergeconsole This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497. 2020-08-25 5 CVE-2020-15640
MISC
MISC
mongodb — mongodb A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem’s support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19. 2020-08-21 4 CVE-2020-7923
MISC
MLIST
moog — exvf5c-2_firmware Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. 2020-08-21 5 CVE-2020-24053
MISC
MISC
moog — exvf5c-2_firmware Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. 2020-08-21 6.4 CVE-2020-24052
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. 2020-08-21 4.6 CVE-2020-10125
MISC
MISC
ncr — aptra_xfs NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. 2020-08-21 4.4 CVE-2020-10124
MISC
MISC
nexusdb — nexusdb NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. 2020-08-21 5 CVE-2020-24571
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11304. 2020-08-25 4.6 CVE-2020-17400
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134. 2020-08-25 4.6 CVE-2020-17395
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519. 2020-08-25 4.6 CVE-2020-17392
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11217. 2020-08-25 4.6 CVE-2020-17396
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11303. 2020-08-25 4.6 CVE-2020-17399
MISC
MISC
philips — dreammapper Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. 2020-08-21 5 CVE-2020-14518
MISC
philips — suresigns_vs4_firmware Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. 2020-08-21 4 CVE-2020-16239
MISC
postgresql — postgresql It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL commands in the context of the user used for replication. 2020-08-24 6.5 CVE-2020-14349
SUSE
SUSE
SUSE
MISC
GENTOO
postgresql — postgresql It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. 2020-08-24 4.4 CVE-2020-14350
SUSE
SUSE
SUSE
SUSE
MISC
DEBIAN
GENTOO
redhat — ansible A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. 2020-08-26 6.1 CVE-2019-14904
MISC
MISC
secomea — gatemanager_8250_firmware GateManager versions prior to 9.2c. The affected product uses a weak hash type, which may allow an attacker to view user passwords. 2020-08-25 5 CVE-2020-14512
MISC
sierrawireless — aleos Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. 2020-08-21 6.5 CVE-2019-11858
MISC
sierrawireless — aleos The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. 2020-08-21 4.6 CVE-2019-11862
MISC
sierrawireless — aleos Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. 2020-08-21 4 CVE-2019-11857
MISC
softing — opc Softing Industrial Automation all versions prior to the latest build of version 4.47.0. The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. 2020-08-25 5 CVE-2020-14522
MISC
techkshetrainfo — savsoft_quiz TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. 2020-08-25 4.3 CVE-2020-24609
MISC
verint — 5620ptz_firmware A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. 2020-08-21 5 CVE-2020-24056
MISC
MISC
vmware — cloud_foundation VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. 2020-08-21 5 CVE-2020-3976
MISC
webdesi9 — file_manager mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. 2020-08-26 5 CVE-2020-24312
MISC
wolfssl — wolfssl An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. 2020-08-21 5 CVE-2020-12457
MISC
CONFIRM
wolfssl — wolfssl An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). 2020-08-21 6.9 CVE-2020-15309
CONFIRM
wolfssl — wolfssl An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. 2020-08-21 5 CVE-2020-24585
MISC
MISC
wso2 — api_manager The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. 2020-08-21 6.4 CVE-2020-24589
MISC
wso2 — api_manager The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. 2020-08-21 6.4 CVE-2020-24590
MISC
wso2 — api_manager The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. 2020-08-21 5.5 CVE-2020-24591
MISC
zulip — zulip_server Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. 2020-08-21 6.5 CVE-2020-15070
CONFIRM
zulip — zulip_server Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. 2020-08-21 5.8 CVE-2020-14194
CONFIRM
zulip — zulip_server Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. 2020-08-21 5 CVE-2020-14215
CONFIRM
zulip — zulip_server Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. 2020-08-21 4.3 CVE-2020-12759
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — data_center_network_manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-26 3.5 CVE-2020-3439
CISCO
cisco — data_center_network_manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-26 3.5 CVE-2020-3518
CISCO
cisco — data_center_network_manager A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege. 2020-08-26 2.1 CVE-2020-3520
CISCO
cookielawinfo — gdpr_cookie_consent ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. 2020-08-21 3.5 CVE-2020-20633
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function in dbhcmsmodmod.domain.edit.php line 119. 2020-08-24 3.5 CVE-2020-19884
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the ‘$_POST[‘pageparam_insert_description’]’ variable in dbhcmsmodmod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19887
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the ‘$_POST[‘pageparam_insert_name’]’ variable in dbhcmsmodmod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19885
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcmsmodmod.users.view.php line 57 for user_login. A remote authenticated admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19883
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the ‘menu_description’ variable in dbhcmsmodmod.menus.edit.php line 83 and in dbhcmsmodmod.menus.view.php line 111. A remote authenticated admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19882
MISC
dbhcms_project — dbhcms DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcmsmodmod.selector.php line 108 for the $_GET[‘return_name’] parameter. A remote authenticated admin user can exploit this vulnerability to hijack other users. 2020-08-24 3.5 CVE-2020-19881
MISC
dieboldnixdorf — probase Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. 2020-08-21 2.1 CVE-2020-9062
MISC
exceedone — exment Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. 2020-08-25 3.5 CVE-2020-5619
MISC
MISC
exceedone — exment Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. 2020-08-25 3.5 CVE-2020-5620
MISC
MISC
huawei — p30_firmware HUAWEI P30 smartphones with versions earlier than 10.1.0.123(C431E22R2P5), versions earlier than 10.1.0.123(C432E22R2P5), versions earlier than 10.1.0.126(C10E7R5P1), versions earlier than 10.1.0.126(C185E4R7P1), versions earlier than 10.1.0.126(C461E7R3P1), versions earlier than 10.1.0.126(C605E19R1P3), versions earlier than 10.1.0.126(C636E7R3P4), versions earlier than 10.1.0.128(C635E3R2P4), versions earlier than 10.1.0.160(C00E160R2P11), and versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In a specific scenario, due to improper resource management and a memory leak in some feature, an attacker could exploit this vulnerability to cause the device to reset. 2020-08-21 3.3 CVE-2020-9104
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.160(C00E160R2P8) have an integer overflow vulnerability. Some functions lack verification when they process messages sent from another module. Attackers can exploit this vulnerability by sending a malicious message to cause an integer overflow. This can compromise normal service. 2020-08-21 2.1 CVE-2020-9095
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read vulnerability. Some functions lack verification when they process messages sent from another module. Attackers can exploit this vulnerability by sending a malicious message to cause an out-of-bounds read. This can compromise normal service. 2020-08-21 2.1 CVE-2020-9096
MISC
ibm — elastic_storage_server IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. 2020-08-24 2.1 CVE-2020-4382
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. 2020-08-26 3.5 CVE-2019-4691
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. 2020-08-26 2.1 CVE-2019-4695
XF
CONFIRM
ibm — guardium_data_encryption IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. 2020-08-26 2.1 CVE-2019-4693
XF
CONFIRM
ibm — security_guardium_insights IBM Security Guardium Insights 2.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 184747. 2020-08-24 2.1 CVE-2020-4593
XF
CONFIRM
mcafee — total_protection Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect McAfee file operations to an unintended file. 2020-08-21 3.3 CVE-2020-7310
CONFIRM
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module “Configuration.” 2020-08-26 3.5 CVE-2020-23657
MISC
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module “Content.” 2020-08-26 3.5 CVE-2020-23656
MISC
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module “Shop.” 2020-08-26 3.5 CVE-2020-23654
MISC
naviwebs — navigatecms NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module “Configuration.” 2020-08-26 3.5 CVE-2020-23655
MISC
ncr — aptra_xfs The currency dispenser of NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. 2020-08-21 2.1 CVE-2020-10123
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed presenting any HTML (including local links) when responding with invalid data on the login attempt. 2020-08-21 3.5 CVE-2020-8189
MISC
MISC
osticket — osticket osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info[‘notes’] call. 2020-08-26 3.5 CVE-2020-16193
MISC
CONFIRM
parallels — parallels_desktop This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a pointer being leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520. 2020-08-25 2.1 CVE-2020-17393
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302. 2020-08-25 2.1 CVE-2020-17398
MISC
MISC
parallels — parallels_desktop This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363. 2020-08-25 2.1 CVE-2020-17401
MISC
MISC
philips — suresigns_vs4_firmware Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. 2020-08-21 2.1 CVE-2020-16241
MISC
philips — suresigns_vs4_firmware Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. 2020-08-21 2.1 CVE-2020-16237
MISC
tenable — nessus Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session. 2020-08-21 3.6 CVE-2020-5774
MISC
vmware — app_volumes VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim’s browser when viewing. 2020-08-21 3.5 CVE-2020-3975
MISC
webport_project — webport WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the “connections” feature. 2020-08-26 3.5 CVE-2020-23659
MISC
webtareas_project — webtareas webTareas v2.1 is affected by Cross Site Scripting (XSS) on “Search.” 2020-08-26 3.5 CVE-2020-23660
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — iview
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. 2020-08-25 not yet calculated CVE-2020-16245
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
akamai — enterprise_access_client
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. 2020-08-26 not yet calculated CVE-2019-18847
MISC
MISC
aruba — intelligent_edge_switch_series
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. 2020-08-26 not yet calculated CVE-2019-5320
MISC
aruba — intelligent_edge_switch_series
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI. 2020-08-26 not yet calculated CVE-2019-5321
MISC
asus — rt-ac1900p_routers
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to the wget tool used to download firmware update files. 2020-08-26 not yet calculated CVE-2020-15498
MISC
atlassian — table_filter_and_charts_for_confluence_server
The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the “Table from CSV” macro (URL parameter). 2020-08-29 not yet calculated CVE-2020-24898
MISC
atlassian — table_filter_and_charts_for_confluence_server
The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the “Table from CSV” macro. 2020-08-29 not yet calculated CVE-2020-24897
MISC
basercms — basercms
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. 2020-08-28 not yet calculated CVE-2020-15154
MISC
CONFIRM
basercms — basercms
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. 2020-08-28 not yet calculated CVE-2020-15159
MISC
MISC
CONFIRM
basercms — basercms
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. 2020-08-28 not yet calculated CVE-2020-15155
MISC
MISC
CONFIRM
chameleon — mini_live_debugger
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered with by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. 2020-08-28 not yet calculated CVE-2020-15165
CONFIRM
MISC
cisco — connected_mobile_experiences
A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials. 2020-08-26 not yet calculated CVE-2020-3151
CISCO
cisco — connected_mobile_experiences
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials. 2020-08-26 not yet calculated CVE-2020-3152
CISCO
cisco — data_center_network_manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges. 2020-08-26 not yet calculated CVE-2020-3522
CISCO
cisco — data_center_network_manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-08-26 not yet calculated CVE-2020-3523
CISCO
cisco — discovery_protocol
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-08-26 not yet calculated CVE-2020-3506
CISCO
cisco — discovery_protocol
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-08-26 not yet calculated CVE-2020-3507
CISCO
cisco — discovery_protocol
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-08-26 not yet calculated CVE-2020-3505
CISCO
cisco — dna_center
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-08-26 not yet calculated CVE-2020-3466
CISCO
cisco — fabric_services
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. 2020-08-27 not yet calculated CVE-2020-3517
CISCO
cisco — hyperflex_hx-series
 
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device. 2020-08-26 not yet calculated CVE-2020-3389
CISCO
cisco — ios_xr_software
 
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. 2020-08-29 not yet calculated CVE-2020-3566
CISCO
cisco — nexus_3000_series_switches
 
A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default. 2020-08-27 not yet calculated CVE-2020-3394
CISCO
cisco — nx-os_software

 

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. 2020-08-27 not yet calculated CVE-2020-3398
CISCO
cisco — nx-os_software
 
A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS. 2020-08-27 not yet calculated CVE-2020-3454
CISCO
cisco — nx-os_software
 
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. 2020-08-27 not yet calculated CVE-2020-3397
CISCO
cisco — nx-os_software
 
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device. 2020-08-27 not yet calculated CVE-2020-3415
CISCO
cisco — nx-os_software
 
A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device. 2020-08-27 not yet calculated CVE-2020-3338
CISCO
cisco — small_business_smart_and_managed_switches
 
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. 2020-08-26 not yet calculated CVE-2020-3496
CISCO
cisco — smart_software_manager_on-prem
 
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. 2020-08-26 not yet calculated CVE-2020-3443
CISCO
cisco — ucs_manager_software
 
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI. 2020-08-27 not yet calculated CVE-2020-3504
CISCO
cisco — virtual_wide_area_application_services
 
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. 2020-08-26 not yet calculated CVE-2020-3446
CISCO
cisco — vision_dynamic_signage_director
 
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. 2020-08-26 not yet calculated CVE-2020-3485
CISCO
cisco — vision_dynamic_signage_director
 
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system. 2020-08-26 not yet calculated CVE-2020-3490
CISCO
cisco — vision_dynamic_signage_director
 
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. 2020-08-26 not yet calculated CVE-2020-3491
CISCO
cisco — vision_dynamic_signage_director
 
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device. 2020-08-26 not yet calculated CVE-2020-3484
CISCO
cisco — webex_meetings_desktop_app
 
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. 2020-08-26 not yet calculated CVE-2020-3440
CISCO
codecanyon — online_hotel_booking_system_pro
 
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. 2020-08-27 not yet calculated CVE-2020-23984
MISC
create-project_manager — create-project_manager
 
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags). 2020-08-27 not yet calculated CVE-2020-23974
MISC
MISC
dell — emc_onefs
 
Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contain a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart. 2020-08-27 not yet calculated CVE-2020-5383
MISC
designmasterevents — designmasterevents
 
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the ‘certificate.php’ 2020-08-27 not yet calculated CVE-2020-23982
MISC
MISC
designmasterevents — designmasterevents
 
DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. 2020-08-27 not yet calculated CVE-2020-23980
MISC
MISC
dr_trust — ecg_pen_devices
 
An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcast while a measurement is being done. Saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity. 2020-08-26 not yet calculated CVE-2020-15486
MISC
edgemax — edgeswitch
 
A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by command injection. 2020-08-21 not yet calculated CVE-2020-8234
MISC
MISC
MISC
ericom — access_server
 
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides “Cannot connect to” error messages to inform the attacker about closed ports. 2020-08-26 not yet calculated CVE-2020-24548
MISC
MISC
ericsson — ipecs
 
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modifying the cookie value sent to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. 2020-08-25 not yet calculated CVE-2020-7824
MISC
MISC
expo — secure-store
 
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. 2020-08-26 not yet calculated CVE-2020-24653
MISC
eyesofnetwork — eonweb
 
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. 2020-08-27 not yet calculated CVE-2020-24390
CONFIRM
CONFIRM
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process’s dump command does not follow current best coding practices and may overwrite arbitrary files. 2020-08-26 not yet calculated CVE-2020-5912
MISC
f5 — big-ip
 
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users who make use of Basic Authentication in a web browser. 2020-08-26 not yet calculated CVE-2020-5922
MISC
f5 — big-ip
 
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts server-side connections and may result in a man-in-the-middle attack on the connections. 2020-08-26 not yet calculated CVE-2020-5913
MISC
f5 — big-ip
 
In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. 2020-08-26 not yet calculated CVE-2020-5928
MISC
f5 — big-ip
 
In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, the BIG-IP ASM Configuration utility is vulnerable to stored cross-site scripting. 2020-08-26 not yet calculated CVE-2020-5927
MISC
f5 — big-ip
 
In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed server cookie scenario may cause BD to restart under some circumstances. 2020-08-26 not yet calculated CVE-2020-5914
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are set up in a device trust. 2020-08-26 not yet calculated CVE-2020-5915
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, a SYN flood causes a large number of MCPD context messages destined to secondary blades, consuming memory and leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected. 2020-08-26 not yet calculated CVE-2020-5921
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. 2020-08-26 not yet calculated CVE-2020-5916
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. 2020-08-26 not yet calculated CVE-2020-5917
MISC
f5 — big-ip
 
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding. 2020-08-26 not yet calculated CVE-2020-5919
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. 2020-08-26 not yet calculated CVE-2020-5926
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. 2020-08-26 not yet calculated CVE-2020-5925
MISC
f5 — big-ip
 
In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. 2020-08-26 not yet calculated CVE-2020-5924
MISC
f5 — big-ip
 
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port lockdown can be bypassed via IPv6 link-local addresses. 2020-08-26 not yet calculated CVE-2020-5923
MISC
f5 — big-ip
 
In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. 2020-08-26 not yet calculated CVE-2020-5920
MISC
f5 — big-ip
 
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. 2020-08-26 not yet calculated CVE-2020-5918
MISC
fedora — fedora
 
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user’s U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. 2020-08-24 not yet calculated CVE-2020-24612
MISC
MISC
fedora — fedora
 
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it’s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. 2020-08-24 not yet calculated CVE-2020-14367
MISC
FEDORA
GENTOO
fluidbyte — codiad
 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.” 2020-08-24 not yet calculated CVE-2020-14044
MISC
MISC
fluidbyte — codiad
 
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn’t CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.” 2020-08-24 not yet calculated CVE-2020-14043
MISC
MISC
fossil — fossil
 
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. 2020-08-25 not yet calculated CVE-2020-24614
MLIST
MISC
CONFIRM
MISC
foxit — studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003. 2020-08-25 not yet calculated CVE-2020-17403
MISC
MISC
foxit — studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191. 2020-08-25 not yet calculated CVE-2020-17404
MISC
MISC
github — enterprise_server
 
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. 2020-08-27 not yet calculated CVE-2020-10517
CONFIRM
CONFIRM
CONFIRM
github — enterprise_server
 
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. 2020-08-27 not yet calculated CVE-2020-10518
MISC
MISC
MISC
gnome — geary
 
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. 2020-08-26 not yet calculated CVE-2020-24661
MISC
gnu — bison
 
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a ‘’ byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. 2020-08-25 not yet calculated CVE-2020-24240
MISC
MISC
MISC
gnupg — gnupg
 
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. 2020-08-29 not yet calculated CVE-2020-24972
MISC
MISC
GENTOO
grafana_labs — grafana
 
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. 2020-08-28 not yet calculated CVE-2019-19499
MISC
halo — halo
 
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The JavaScript code supplied by the attacker will then execute in the victim user’s browser. 2020-08-26 not yet calculated CVE-2020-19007
MISC
hashicorp — vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. 2020-08-26 not yet calculated CVE-2020-16251
MISC
MISC
hashicorp — vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. 2020-08-26 not yet calculated CVE-2020-16250
MISC
MISC
hivemq — broker_control_center
 
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker’s JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator’s account of the Broker. 2020-08-26 not yet calculated CVE-2020-13821
MISC
MISC
hms_industrial_networks_ab — ecatcher
 
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. 2020-08-26 not yet calculated CVE-2020-14498
MISC
hoosk — codeigniter
 
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker lures an authenticated admin user to a malicious web page, any account can be deleted without the admin user’s intent. 2020-08-28 not yet calculated CVE-2020-16610
MISC
CONFIRM
ibm — resilient_soar
 
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236. 2020-08-28 not yet calculated CVE-2019-4579
XF
CONFIRM
ibm — resilient_soar
 
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589. 2020-08-28 not yet calculated CVE-2019-4533
XF
CONFIRM
ibm — security_guardium_insights
 
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684. 2020-08-27 not yet calculated CVE-2020-4175
XF
CONFIRM
ibm — security_guardium_insights
 
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. 2020-08-24 not yet calculated CVE-2020-4165
XF
CONFIRM
ibm — spectrum_protect_server
 
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. 2020-08-28 not yet calculated CVE-2020-4591
XF
CONFIRM
ibm — spectrum_protect
 
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. 2020-08-28 not yet calculated CVE-2020-4559
XF
CONFIRM
ibm — trusteer_rapport/apex
 
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. 2020-08-24 not yet calculated CVE-2018-1985
XF
CONFIRM
inogard — ebiz4u
 
A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use the startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however. 2020-08-24 not yet calculated CVE-2020-7831
MISC
jackson — jackson
 
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). 2020-08-25 not yet calculated CVE-2020-24616
MISC
MISC
jetbrains — youtrack
 
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. 2020-08-27 not yet calculated CVE-2020-24618
MISC
MISC
jitsi — meet_electron
 
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. 2020-08-29 not yet calculated CVE-2020-25019
MISC
MISC
MISC
joomla — component_gmapfp
 
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files, because the file upload restrictions can be bypassed by changing the content-type and giving the file name a double extension. 2020-08-27 not yet calculated CVE-2020-23972
MISC
kandnconcepts_club — kandnconcepts_club
 
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the ‘team.php,player.php,club.php’ id parameter. 2020-08-27 not yet calculated CVE-2020-23977
MISC
kandnconcepts_club — kandnconcepts_club
 
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the ‘team.php,player.php,club.php’ id parameter. 2020-08-27 not yet calculated CVE-2020-23973
MISC
libiec61850 — libiec61850
 
In libIEC61850 before version 1.4.3, when a message with a COTP message length field value < 4 is received, an integer underflow will happen, leading to a heap buffer overflow. This can cause an application crash or, on some platforms, even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround, the changes of commit 033ab5b can be applied to older versions. 2020-08-26 not yet calculated CVE-2020-15158
MISC
MISC
CONFIRM
maltego — maltego
 
Maltego before 4.2.12 allows XXE attacks. 2020-08-26 not yet calculated CVE-2020-24656
MISC
MISC
marvell — qconvergeconsole
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. 2020-08-25 not yet calculated CVE-2020-15639
MISC
MISC
maven — gradle_enterprise
 
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are deserialized by a Java standard library ObjectInputStream. This ObjectInputStream was not restricted to a list of trusted classes, thus allowing an attacker to send a malicious deserialization gadget chain to achieve code execution. The socket was not bound exclusively to localhost. The port this socket is assigned to is randomly selected by the JVM and is not intentionally exposed to the public (either by design or documentation). 2020-08-25 not yet calculated CVE-2020-15777
CONFIRM
mcafee — application_control
 
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. 2020-08-26 not yet calculated CVE-2020-7309
CONFIRM
mediawiki — mediawiki
 
In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code. 2020-08-28 not yet calculated CVE-2020-15164
MISC
CONFIRM
mercedes-benz — c_class_amg_premium_plus_c220_bluetec_vehicles
 
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. 2020-08-27 not yet calculated CVE-2020-16142
MISC
metasploit_framework — metasploit_framework
 
The Metasploit Framework module “post/osx/gather/enum_osx” is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. 2020-08-24 not yet calculated CVE-2020-7376
CONFIRM
metasploit_framework — metasploit_framework
 
The Metasploit Framework module “auxiliary/admin/http/telpho10_credential_dump” is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. 2020-08-24 not yet calculated CVE-2020-7377
CONFIRM
michael-design — ichat_realtime_php_live_support_system
 
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. 2020-08-27 not yet calculated CVE-2020-23983
MISC
minetime — minetime
 
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. 2020-08-24 not yet calculated CVE-2020-24364
MISC
MISC
mitel — micollab
 
The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information. 2020-08-26 not yet calculated CVE-2020-13767
MISC
CONFIRM
mitel — micollab
 
An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. 2020-08-26 not yet calculated CVE-2020-11797
CONFIRM
CONFIRM
mitel — micollab
 
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. 2020-08-26 not yet calculated CVE-2020-13863
MISC
CONFIRM
mitel — mivoice_connect_client
 
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. 2020-08-26 not yet calculated CVE-2020-12456
MISC
CONFIRM
mitel — mivoice_phones
 
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. 2020-08-26 not yet calculated CVE-2020-13617
MISC
CONFIRM
moscajs — aedes_mqtt_broker
 
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. 2020-08-26 not yet calculated CVE-2020-13410
MISC
MISC
mpxj — mpxj
 
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. 2020-08-29 not yet calculated CVE-2020-25020
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access. 2020-08-26 not yet calculated CVE-2020-15483
MISC
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. 2020-08-26 not yet calculated CVE-2020-15484
MISC
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. 2020-08-26 not yet calculated CVE-2020-15485
MISC
MISC
nescomed — multipara_monitor_m1000_devices
 
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. 2020-08-26 not yet calculated CVE-2020-15482
MISC
MISC
netflix — spinnaker
 
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. 2020-08-28 not yet calculated CVE-2020-9298
MISC
netgear — netgear
 
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. 2020-08-28 not yet calculated CVE-2020-5621
JVN
MISC
MISC
MISC
netwide — assembler
 
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. 2020-08-25 not yet calculated CVE-2020-24241
MISC
netwide — assembler
 
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. 2020-08-25 not yet calculated CVE-2020-24242
MISC
network_time_protocol — mintegraladsdk
 
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. 2020-08-24 not yet calculated CVE-2020-7705
MISC
MISC
MISC
nitori — nitori
 
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2020-08-28 not yet calculated CVE-2020-5623
MISC
nodebb — nodebb
 
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation. 2020-08-26 not yet calculated CVE-2020-15156
MISC
CONFIRM
MISC
nova — openstack
 
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. 2020-08-26 not yet calculated CVE-2020-17376
MISC
MISC
CONFIRM
oasis — digital_signature_services
 
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation. 2020-08-24 not yet calculated CVE-2020-13101
CONFIRM
MISC
octopus — deploy
 
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. 2020-08-25 not yet calculated CVE-2020-16197
CONFIRM
CONFIRM
CONFIRM
online_bike_rental — online_bike_rental
 
An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows an authenticated admin to conduct remote code execution. 2020-08-27 not yet calculated CVE-2020-24196
MISC
openzfs — openzfs
 
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. 2020-08-27 not yet calculated CVE-2020-24716
MISC
MISC
MISC
MISC
openzfs — openzfs
 
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. 2020-08-27 not yet calculated CVE-2020-24717
MISC
MISC
MISC
MISC
opensis — community_edition
 
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. 2020-08-24 not yet calculated CVE-2020-6637
MISC
MISC
MISC
MISC
oracle — netsuite
 
Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N). 2020-08-27 not yet calculated CVE-2020-14729
MISC
oracle — netsuite
 
Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-08-27 not yet calculated CVE-2020-14728
MISC
parallels — desktop
 
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518. 2020-08-25 not yet calculated CVE-2020-17391
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030. 2020-08-25 not yet calculated CVE-2020-17390
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132. 2020-08-25 not yet calculated CVE-2020-17394
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11253. 2020-08-25 not yet calculated CVE-2020-17397
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063. 2020-08-25 not yet calculated CVE-2020-17402
MISC
MISC
php-fusion — php-fusion
 
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. 2020-08-26 not yet calculated CVE-2020-23658
MISC
premid — premid
 
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. 2020-08-29 not yet calculated CVE-2020-24928
MISC
projects_world — house_rental
 
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. 2020-08-27 not yet calculated CVE-2020-24202
MISC
MISC
projects_world — travel_management_system
 
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. 2020-08-27 not yet calculated CVE-2020-24203
MISC
MISC
qemu — qemu
 
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. 2020-08-27 not yet calculated CVE-2020-14415
CONFIRM
UBUNTU
raspap — raspap
 
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). 2020-08-24 not yet calculated CVE-2020-24572
MISC
MISC
MISC
MISC
redhat — redhat
 
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. 2020-08-24 not yet calculated CVE-2020-10775
MISC
rust — rust
 
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. 2020-08-29 not yet calculated CVE-2020-25016
MISC
MISC
scalyr_agent — scalyr_agent
 
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. 2020-08-27 not yet calculated CVE-2020-24714
MISC
scalyr_agent — scalyr_agent
 
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. 2020-08-27 not yet calculated CVE-2020-24715
MISC
secomea — gatemanager
 
Secomea GateManager, all versions prior to 9.2c: an attacker can send a negative value and overwrite arbitrary data. 2020-08-25 not yet calculated CVE-2020-14500
MISC
secomea — gatemanager
 
GateManager versions prior to 9.2c: the affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. 2020-08-25 not yet calculated CVE-2020-14508
MISC
secomea — gatemanager
 
GateManager versions prior to 9.2c: the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. 2020-08-25 not yet calculated CVE-2020-14510
MISC
seczetta — neprofile
 
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status. 2020-08-26 not yet calculated CVE-2020-12855
MISC
sonatype — nexus_repository
 
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. 2020-08-25 not yet calculated CVE-2020-24622
MISC
squid — squid
 
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. 2020-08-24 not yet calculated CVE-2020-24606
MISC
MISC
DEBIAN
thales — dis
 
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04. 2020-08-21 not yet calculated CVE-2020-15858
CONFIRM
trend_micro — deep_security_manager
 
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. 2020-08-27 not yet calculated CVE-2020-15601
MISC
MISC
trend_micro — vulnerability_protection
 
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. 2020-08-27 not yet calculated CVE-2020-15605
MISC
MISC
trend_micro — deep_security
 
A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. 2020-08-27 not yet calculated CVE-2020-8602
MISC
umanni — umanni
 
Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 2020-08-26 not yet calculated CVE-2020-24008
MISC
MISC
umanni — umanni
 
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. 2020-08-26 not yet calculated CVE-2020-24007
MISC
MISC
vimeo — vimeo
 
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. 2020-08-27 not yet calculated CVE-2020-23576
MISC
webexcels — ecommerce_cms
 
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the ‘search.php’ id parameter. 2020-08-27 not yet calculated CVE-2020-23975
MISC
MISC
webexcels — ecommerce_cms
 
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the ‘content.php’ id parameter. 2020-08-27 not yet calculated CVE-2020-23976
MISC
MISC
wolfssl — wolfssl
 
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. 2020-08-24 not yet calculated CVE-2020-24613
MISC
wordpress — wordpress
 
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target’s database. 2020-08-26 not yet calculated CVE-2020-24315
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. 2020-08-26 not yet calculated CVE-2020-11497
MISC
MISC
MISC
wordpress — wordpress
 
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. 2020-08-24 not yet calculated CVE-2020-24186
MISC
wordpress — wordpress
 
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the “Appointment_ID” GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. 2020-08-26 not yet calculated CVE-2020-24313
MISC
MISC
wordpress — wordpress
 
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the “t” GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. 2020-08-26 not yet calculated CVE-2020-24314
MISC
MISC
wordpress — wordpress
 
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the “role” GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. 2020-08-26 not yet calculated CVE-2020-24316
MISC
MISC
wso2 — multiple_products An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. 2020-08-27 not yet calculated CVE-2020-24706
MISC
wso2 — multiple_products
 
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. 2020-08-27 not yet calculated CVE-2020-24704
MISC
wso2 — multiple_products
 
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. 2020-08-27 not yet calculated CVE-2020-24703
MISC
wso2 — multiple_products
 
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. 2020-08-27 not yet calculated CVE-2020-24705
MISC
xoonips — xoonips
 
Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2020-08-28 not yet calculated CVE-2020-5625
MISC
MISC
MISC
xoonips — xoonips
 
SQL injection vulnerability in XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2020-08-28 not yet calculated CVE-2020-5624
MISC
MISC
MISC

zrlog — zrlog

zrlog v2.1.0 has a vulnerability in its permission check. If the admin account is logged in, other unauthorized users can download the database backup file directly. 2020-08-25 not yet calculated CVE-2020-19005
MISC
MISC
