Original release date: September 28, 2020
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aveva — edna_enterprise_data_historian | An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter AliasName in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | 2020-09-24 | 7.5 | CVE-2020-13508 MISC |
aveva — edna_enterprise_data_historian | Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | 2020-09-24 | 7.5 | CVE-2020-13505 MISC |
aveva — edna_enterprise_data_historian | Parameter AttFilterName in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | 2020-09-24 | 7.5 | CVE-2020-13503 MISC |
aveva — edna_enterprise_data_historian | An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | 2020-09-24 | 7.5 | CVE-2020-13501 MISC |
aveva — edna_enterprise_data_historian | An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | 2020-09-24 | 7.5 | CVE-2020-13500 MISC |
aveva — edna_enterprise_data_historian | An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | 2020-09-24 | 7.5 | CVE-2020-13499 MISC |
aveva — edna_enterprise_data_historian | An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter OrigID in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | 2020-09-24 | 7.5 | CVE-2020-13507 MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. | 2020-09-24 | 7.5 | CVE-2020-12838 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. | 2020-09-24 | 7.5 | CVE-2020-12843 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | 2020-09-24 | 7.5 | CVE-2020-12842 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. | 2020-09-24 | 7.5 | CVE-2020-12839 MISC MISC |
google — android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143604331 | 2020-09-18 | 7.5 | CVE-2020-0354 MISC |
google — chrome | Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6551 MISC MISC FEDORA |
google — chrome | Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6549 MISC MISC FEDORA |
google — chrome | Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6550 MISC MISC FEDORA |
google — chrome | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6548 MISC MISC FEDORA |
google — chrome | Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6552 MISC MISC FEDORA |
google — chrome | Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6553 MISC MISC FEDORA |
google — chrome | Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 9.3 | CVE-2020-6556 MISC MISC FEDORA |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979. | 2020-09-22 | 9 | CVE-2020-4620 XF CONFIRM |
ozeki — ozeki_ng_sms_gateway | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). | 2020-09-22 | 9 | CVE-2020-14031 MISC MISC |
ozeki — ozeki_ng_sms_gateway | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module’s Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. | 2020-09-22 | 9 | CVE-2020-14028 MISC MISC |
ozeki — ozeki_ng_sms_gateway | Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts (“Import Contacts” functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (e.g., the “Application Starter” module) within the application. | 2020-09-22 | 9 | CVE-2020-14022 MISC MISC MISC |
ozeki — ozeki_ng_sms_gateway | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | 2020-09-22 | 9.3 | CVE-2020-14026 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — media_encoder | Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | 5.8 | CVE-2020-9745 MISC |
adobe — media_encoder | Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | 5.8 | CVE-2020-9744 MISC |
adobe — media_encoder | Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | 5.8 | CVE-2020-9739 MISC |
buffalo — airstation_whr-g54s_firmware | Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | 2020-09-18 | 4 | CVE-2020-5605 MISC MISC |
buffalo — airstation_whr-g54s_firmware | Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | 2020-09-18 | 4.3 | CVE-2020-5606 MISC MISC |
corephp — pago_commerce | The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | 2020-09-18 | 6.5 | CVE-2020-25751 MISC MISC |
cpanel — cpanel | cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). | 2020-09-25 | 4.3 | CVE-2020-26115 MISC |
cpanel — cpanel | cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). | 2020-09-25 | 4.3 | CVE-2020-26114 MISC |
gogogate — ismartgate_pro_firmware | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. | 2020-09-24 | 4.3 | CVE-2020-12280 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. | 2020-09-24 | 5 | CVE-2020-12837 MISC MISC |
gogogate — ismartgate_pro_firmware | iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) | 2020-09-24 | 6.8 | CVE-2020-12282 MISC MISC |
gogogate — ismartgate_pro_firmware | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. | 2020-09-24 | 4.3 | CVE-2020-12281 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php | 2020-09-24 | 4.3 | CVE-2020-12840 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php | 2020-09-24 | 4.3 | CVE-2020-12841 MISC MISC |
gogogate — ismartgate_pro_firmware | ismartgate PRO 1.5.9 is vulnerable to clickjacking. | 2020-09-24 | 4.3 | CVE-2020-13119 MISC MISC |
google — android | In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136658008 | 2020-09-18 | 4.6 | CVE-2020-0347 MISC |
google — android | In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148736216 | 2020-09-18 | 5 | CVE-2020-0300 MISC |
google — android | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137868765 | 2020-09-18 | 6.8 | CVE-2020-0319 MISC |
google — android | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139424089 | 2020-09-18 | 4.6 | CVE-2020-0350 MISC |
google — android | In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144507081 | 2020-09-18 | 4.4 | CVE-2020-0271 MISC |
google — android | In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148294643 | 2020-09-18 | 4.4 | CVE-2020-0268 MISC |
google — android | In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-157475111 | 2020-09-18 | 4.6 | CVE-2020-0405 MISC |
google — android | In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145130119 | 2020-09-18 | 4.6 | CVE-2020-0299 MISC |
google — android | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147995915 | 2020-09-18 | 4.6 | CVE-2020-0334 MISC |
google — android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139188582 | 2020-09-18 | 4 | CVE-2020-0348 MISC |
google — android | In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129266 | 2020-09-18 | 4.6 | CVE-2020-0298 MISC |
google — android | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-122361504 | 2020-09-18 | 4.6 | CVE-2020-0335 MISC |
google — android | In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156353008 | 2020-09-18 | 4.6 | CVE-2020-0262 MISC |
google — android | In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137015603 | 2020-09-18 | 4.6 | CVE-2020-0089 MISC |
google — android | In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-33646131 | 2020-09-18 | 4.9 | CVE-2020-0318 MISC |
google — android | In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147227320 | 2020-09-18 | 4.6 | CVE-2020-0309 MISC |
google — chrome | Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-09-21 | 4.3 | CVE-2020-6555 MISC MISC FEDORA |
google — chrome | Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2020-09-21 | 4.3 | CVE-2020-6571 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome | Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | 2020-09-21 | 4.3 | CVE-2020-6570 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2020-09-21 | 4.3 | CVE-2020-6562 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome | Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-09-21 | 4.3 | CVE-2020-6558 SUSE SUSE SUSE MISC MISC |
google — chrome | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-09-21 | 6.8 | CVE-2020-15961 SUSE SUSE SUSE MISC MISC |
google — chrome | Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2020-09-21 | 4.3 | CVE-2020-6538 MISC MISC FEDORA |
google — chrome | Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-15960 SUSE SUSE SUSE MISC MISC |
google — chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. | 2020-09-21 | 4.3 | CVE-2020-15966 SUSE SUSE SUSE MISC MISC |
google — chrome | Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. | 2020-09-21 | 4.3 | CVE-2020-15959 SUSE SUSE SUSE MISC MISC |
google — chrome | Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6544 MISC MISC FEDORA |
google — chrome | Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6543 MISC MISC FEDORA |
google — chrome | Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. | 2020-09-21 | 4.3 | CVE-2020-6547 MISC MISC FEDORA |
google — chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-09-21 | 6.8 | CVE-2020-15963 SUSE SUSE SUSE MISC MISC |
google — chrome | Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6541 MISC MISC FEDORA |
google — chrome | Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-15962 SUSE SUSE SUSE MISC MISC |
google — chrome | Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6545 MISC MISC FEDORA |
google — chrome | Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-09-21 | 6.8 | CVE-2020-6554 MISC MISC FEDORA |
google — chrome | Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6573 SUSE SUSE SUSE MISC MISC |
google — chrome | Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6542 MISC MISC FEDORA |
google — chrome | Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-15964 SUSE SUSE SUSE MISC MISC |
google — chrome | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6540 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 2020-09-21 | 4.6 | CVE-2020-6546 MISC MISC FEDORA |
google — chrome | Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6539 MISC MISC FEDORA |
google — chrome | Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6537 MISC MISC FEDORA |
google — chrome | Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-6532 MISC MISC FEDORA |
google — chrome | Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2020-09-21 | 6.8 | CVE-2020-15965 SUSE SUSE SUSE MISC MISC |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2017.1 – 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics. | 2020-09-18 | 5 | CVE-2020-15775 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur. | 2020-09-18 | 5 | CVE-2020-15771 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path. | 2020-09-18 | 5 | CVE-2020-15768 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user’s password. | 2020-09-18 | 5 | CVE-2020-15770 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2020.2 – 2020.2.4. An XSS issue exists via the request URL. | 2020-09-18 | 4.3 | CVE-2020-15769 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure. | 2020-09-18 | 4.6 | CVE-2020-15774 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. | 2020-09-18 | 4 | CVE-2020-15773 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration. | 2020-09-18 | 4 | CVE-2020-15772 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.2 – 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie. | 2020-09-18 | 6.8 | CVE-2020-15776 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user’s anti-CSRF token if the user initiates a cleartext HTTP request. | 2020-09-18 | 4.3 | CVE-2020-15767 MISC CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983. | 2020-09-22 | 5 | CVE-2020-4622 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929. | 2020-09-22 | 5 | CVE-2020-4616 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930. | 2020-09-22 | 5.8 | CVE-2020-4617 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927. | 2020-09-22 | 5 | CVE-2020-4614 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925. | 2020-09-22 | 5 | CVE-2020-4613 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | 2020-09-22 | 4 | CVE-2020-4612 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937. | 2020-09-22 | 4 | CVE-2020-4618 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 184976. | 2020-09-22 | 4 | CVE-2020-4619 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. | 2020-09-22 | 6.5 | CVE-2020-4621 XF CONFIRM |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. | 2020-09-22 | 6.5 | CVE-2020-4611 XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted JSON request with invalid characters. IBM X-Force ID: 184439. | 2020-09-21 | 5 | CVE-2020-4580 XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438. | 2020-09-21 | 5 | CVE-2020-4579 XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441. | 2020-09-21 | 5 | CVE-2020-4581 XF CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. | 2020-09-21 | 5 | CVE-2020-4643 XF CONFIRM |
misp — misp | An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | 2020-09-18 | 5 | CVE-2020-25766 MISC MISC |
nvidia — geforce_now | NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure. | 2020-09-18 | 5 | CVE-2020-5976 CONFIRM |
nvidia — geforce_now | NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure. | 2020-09-18 | 5 | CVE-2020-5975 CONFIRM |
ozeki — ozeki_ng_sms_gateway | Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. | 2020-09-22 | 6.8 | CVE-2020-14025 MISC MISC |
ozeki — ozeki_ng_sms_gateway | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. | 2020-09-18 | 4 | CVE-2020-14021 MISC MISC MISC |
ozeki — ozeki_ng_sms_gateway | Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. | 2020-09-22 | 4 | CVE-2020-14023 MISC MISC |
ozeki — ozeki_ng_sms_gateway | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. | 2020-09-18 | 5 | CVE-2020-14029 MISC MISC |
ozeki — ozeki_ng_sms_gateway | Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application. | 2020-09-22 | 4.3 | CVE-2020-14024 MISC MISC |
philips — clinical_collaboration_platform | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | 2020-09-18 | 4.3 | CVE-2020-14506 MISC |
philips — clinical_collaboration_platform | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 2020-09-18 | 5.8 | CVE-2020-16198 MISC |
rust-lang — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. | 2020-09-19 | 5 | CVE-2020-25793 MISC MISC |
rust-lang — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). | 2020-09-19 | 5 | CVE-2020-25792 MISC MISC |
rust-lang — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). | 2020-09-19 | 5 | CVE-2020-25791 MISC MISC |
rust-lang — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. | 2020-09-19 | 5 | CVE-2020-25795 MISC MISC |
rust-lang — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. | 2020-09-19 | 5 | CVE-2020-25796 MISC MISC |
rust-lang — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. | 2020-09-19 | 5 | CVE-2020-25794 MISC MISC |
safervpn — safervpn | SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. | 2020-09-18 | 5.5 | CVE-2020-25744 MISC MISC |
uniqlo — uniqlo | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | 2020-09-18 | 4.3 | CVE-2020-5629 MISC |
uniqlo — uniqlo | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | 2020-09-18 | 4.3 | CVE-2020-5628 MISC |
webtareas_project — webtareas | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | 2020-09-18 | 4.3 | CVE-2020-25735 MISC MISC MISC |
webtareas_project — webtareas | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | 2020-09-18 | 5 | CVE-2020-25733 MISC MISC MISC |
webtareas_project — webtareas | webTareas through 2.1 allows files/Default/ Directory Listing. | 2020-09-18 | 5 | CVE-2020-25734 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google — android | In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137346580 | 2020-09-18 | 2.1 | CVE-2020-0365 MISC |
google — android | In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155650969 | 2020-09-18 | 2.1 | CVE-2020-0295 MISC |
google — android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144506224 | 2020-09-18 | 3.5 | CVE-2020-0282 MISC |
google — android | In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154913130 | 2020-09-18 | 2.1 | CVE-2020-0263 MISC |
google — android | In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150155839 | 2020-09-18 | 2.1 | CVE-2020-0265 MISC |
google — android | In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151645626 | 2020-09-18 | 2.1 | CVE-2020-0269 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253784 | 2020-09-18 | 2.1 | CVE-2020-0284 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253479 | 2020-09-18 | 2.1 | CVE-2020-0285 MISC |
google — android | In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154915372 | 2020-09-18 | 2.1 | CVE-2020-0294 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151646375 | 2020-09-18 | 2.1 | CVE-2020-0302 MISC |
google — android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137857778 | 2020-09-18 | 3.5 | CVE-2020-0281 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151645695 | 2020-09-18 | 2.1 | CVE-2020-0304 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151645867 | 2020-09-18 | 2.1 | CVE-2020-0307 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153356468 | 2020-09-18 | 2.1 | CVE-2020-0310 MISC |
google — android | In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153878642 | 2020-09-18 | 2.1 | CVE-2020-0311 MISC |
google — android | In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154917989 | 2020-09-18 | 2.1 | CVE-2020-0313 MISC |
google — android | In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155642026 | 2020-09-18 | 2.1 | CVE-2020-0315 MISC |
google — android | In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154934919 | 2020-09-18 | 2.1 | CVE-2020-0316 MISC |
google — android | In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145079309 | 2020-09-18 | 2.1 | CVE-2020-0325 MISC |
google — android | In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device’s IMEI with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147309310 | 2020-09-18 | 2.1 | CVE-2020-0331 MISC |
google — android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139188779 | 2020-09-18 | 2.1 | CVE-2020-0349 MISC |
ibm — data_risk_manager | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928. | 2020-09-22 | 3.5 | CVE-2020-4615 XF CONFIRM |
ozeki — ozeki_ng_sms_gateway | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks. | 2020-09-22 | 3.5 | CVE-2020-14027 MISC MISC |
philips — clinical_collaboration_platform | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | 2020-09-18 | 2.7 | CVE-2020-14525 MISC |
philips — clinical_collaboration_platform | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | 2020-09-18 | 3.3 | CVE-2020-16200 MISC |
philips — clinical_collaboration_platform | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 2020-09-18 | 3.6 | CVE-2020-16247 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — cyber_backup |
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | 2020-09-21 | not yet calculated | CVE-2020-16171 MISC MISC |
actfax_communication_software_gmbh — actfax |
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow “Full Control” to “Everyone”. An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client. | 2020-09-24 | not yet calculated | CVE-2020-15843 MISC |
advantech — webaccess_node |
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. | 2020-09-22 | not yet calculated | CVE-2020-16202 MISC |
arista — cloudvision_portal |
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. | 2020-09-22 | not yet calculated | CVE-2020-24333 MISC CONFIRM |
aruba — multiple_cx_switches |
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000. | 2020-09-23 | not yet calculated | CVE-2020-7122 MISC |
aruba — multiple_cx_switches |
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021. | 2020-09-23 | not yet calculated | CVE-2020-7121 MISC |
atlassian — jira_server_and_data_center |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application’s availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. | 2020-09-21 | not yet calculated | CVE-2020-14177 N/A |
atlassian — jira_server_and_data_center |
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. | 2020-09-21 | not yet calculated | CVE-2020-14179 MISC |
atlassian — jira_service_desk_server_and_data_center |
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. | 2020-09-21 | not yet calculated | CVE-2020-14180 MISC |
aveva — edna_enterprise_data_historian |
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | 2020-09-24 | not yet calculated | CVE-2020-13504 MISC |
aveva — edna_enterprise_data_historian |
An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. | 2020-09-24 | not yet calculated | CVE-2020-13502 MISC |
aveva — edna_enterprise_data_historian |
Parameter psAttribute in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability. | 2020-09-24 | not yet calculated | CVE-2020-13521 MISC |
aveva — edna_enterprise_data_historian |
An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. | 2020-09-24 | not yet calculated | CVE-2020-6153 MISC |
bhyve — bhyve |
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | 2020-09-25 | not yet calculated | CVE-2020-24718 MISC CONFIRM |
broadcom — brocade_fabric_os |
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | 2020-09-25 | not yet calculated | CVE-2020-15370 MISC |
broadcom — brocade_fabric_os |
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. | 2020-09-25 | not yet calculated | CVE-2020-15369 MISC |
broadcom — brocade_fabric_os |
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. | 2020-09-25 | not yet calculated | CVE-2020-15371 MISC |
broadcom — brocade_fabric_os |
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | 2020-09-25 | not yet calculated | CVE-2020-15372 MISC |
broadcom — brocade_fabric_os |
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. | 2020-09-25 | not yet calculated | CVE-2020-15373 MISC |
broadcom — brocade_fabric_os |
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | 2020-09-25 | not yet calculated | CVE-2020-15374 MISC |
broadcom — brocade_sannav |
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process. | 2020-09-25 | not yet calculated | CVE-2019-16212 MISC |
broadcom — brocade_sannav |
Brocade SANnav versions before v2.1.0 contain a Plaintext Password Storage vulnerability. | 2020-09-25 | not yet calculated | CVE-2019-16211 MISC |
broadcom — brocade_fabric_os | A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. | 2020-09-25 | not yet calculated | CVE-2018-6448 MISC |
broadcom — brocade_fabric_os |
Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers. | 2020-09-25 | not yet calculated | CVE-2018-6449 MISC |
broadcom — brocade_fabric_os |
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | 2020-09-25 | not yet calculated | CVE-2018-6447 MISC |
cabot — cabot |
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. | 2020-09-22 | not yet calculated | CVE-2020-7734 CONFIRM CONFIRM CONFIRM CONFIRM |
check_point — ica_management_portal |
Check Point Security Management’s Internal CA web management before Jumbo HFAs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. | 2020-09-24 | not yet calculated | CVE-2020-6020 MISC |
cisco — 4461_integrated_services_routers |
A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An attacker could exploit this vulnerability by sending IP traffic to or through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3414 CISCO |
cisco — 800_series_industrial_integrated_services_routers_and_1000_series_connected_grid_routers |
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3426 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. | 2020-09-23 | not yet calculated | CVE-2019-15992 CISCO |
cisco — aironet_access_point_software |
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention. | 2020-09-24 | not yet calculated | CVE-2020-3560 CISCO |
cisco — aironet_access_point_software |
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. | 2020-09-24 | not yet calculated | CVE-2020-3559 CISCO |
cisco — aironet_access_points_software |
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3552 CISCO |
cisco — anyconnect_secure_mobility_client |
A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application. | 2020-09-23 | not yet calculated | CVE-2019-16007 CISCO |
cisco — asr_1000_series_aggregation_services_routers |
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload. | 2020-09-24 | not yet calculated | CVE-2020-3508 CISCO |
cisco — asr_900_series_aggregation_services_routers |
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device. | 2020-09-24 | not yet calculated | CVE-2020-3513 CISCO |
cisco — asr_900_series_aggregation_services_routers |
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device. | 2020-09-24 | not yet calculated | CVE-2020-3416 CISCO |
cisco — asyncos_software |
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device. | 2020-09-23 | not yet calculated | CVE-2020-3133 CISCO |
cisco — asyncos_software | A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server’s response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user’s browser. | 2020-09-23 | not yet calculated | CVE-2020-3117 CISCO |
cisco — catalyst_9200_series_switches | A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery. | 2020-09-24 | not yet calculated | CVE-2020-3527 CISCO |
cisco — catalyst_9200_series_switches | A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3510 CISCO |
cisco — catalyst_9800_series_routers | A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state. | 2020-09-24 | not yet calculated | CVE-2020-3418 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3488 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3493 CISCO |
cisco — catalyst_9800_series_wireless_controllers | A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3359 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3497 CISCO |
cisco — catalyst_9800_series_wireless_controllers | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3399 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3494 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3487 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3486 CISCO |
cisco — catalyst_9800_series_wireless_controllers | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3489 CISCO |
cisco — catalyst_9800_series_wireless_controllers_and_wireless_LAN_controllers | A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device. | 2020-09-24 | not yet calculated | CVE-2020-3492 CISCO |
cisco — cbr-8_converged_broadband_routers | A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces; 100 Gbps Ethernet interfaces; port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces. | 2020-09-24 | not yet calculated | CVE-2020-3509 CISCO |
cisco — cbr-8_converged_broadband_routers | A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the attacker to crash the device. | 2020-09-24 | not yet calculated | CVE-2020-3526 CISCO |
cisco — email_security_appliance | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. | 2020-09-23 | not yet calculated | CVE-2019-1947 CISCO |
cisco — email_security_appliance | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | 2020-09-23 | not yet calculated | CVE-2020-3137 CISCO |
cisco — email_security_appliance_and_content_security_management_appliance | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation. | 2020-09-23 | not yet calculated | CVE-2019-1983 CISCO |
cisco — emergency_responder | A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information. | 2020-09-23 | not yet calculated | CVE-2019-16025 CISCO |
cisco — firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device. | 2020-09-23 | not yet calculated | CVE-2019-16028 CISCO |
cisco — hosted_collaboration_mediation_fulfillment | A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user. | 2020-09-23 | not yet calculated | CVE-2020-3124 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3479 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. | 2020-09-23 | not yet calculated | CVE-2019-16009 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3408 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3511 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. | 2020-09-24 | not yet calculated | CVE-2020-3512 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device. | 2020-09-24 | not yet calculated | CVE-2020-3409 CISCO |
cisco — ios_and_ios_xe_software | A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible. | 2020-09-24 | not yet calculated | CVE-2020-3477 CISCO |
cisco — ios_xe_software | Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-09-24 | not yet calculated | CVE-2020-3480 CISCO |
cisco — ios_xe_software | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-09-24 | not yet calculated | CVE-2020-3474 CISCO |
cisco — ios_xe_software | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-09-24 | not yet calculated | CVE-2020-3475 CISCO |
cisco — ios_xe_software | A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability. | 2020-09-24 | not yet calculated | CVE-2020-3393 CISCO |
cisco — ios_xe_software | A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device’s guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. | 2020-09-24 | not yet calculated | CVE-2020-3503 CISCO |
cisco — ios_xe_software | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted. | 2020-09-24 | not yet calculated | CVE-2020-3403 CISCO |
cisco — ios_xe_software | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user. | 2020-09-24 | not yet calculated | CVE-2020-3400 CISCO |
cisco — ios_xe_software | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-09-24 | not yet calculated | CVE-2020-3141 CISCO |
cisco — ios_xe_software | A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device. | 2020-09-24 | not yet calculated | CVE-2020-3423 CISCO |
cisco — ios_xe_software | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-09-24 | not yet calculated | CVE-2020-3425 CISCO |
cisco — ios_xe_software | A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges. | 2020-09-24 | not yet calculated | CVE-2020-3404 CISCO |
cisco — ios_xe_software | A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server. | 2020-09-24 | not yet calculated | CVE-2020-3516 CISCO |
cisco — ios_xe_software | A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges. | 2020-09-24 | not yet calculated | CVE-2020-3396 CISCO |
cisco — ios_xe_software | A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2020-09-24 | not yet calculated | CVE-2020-3407 CISCO |
cisco — ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device. | 2020-09-24 | not yet calculated | CVE-2020-3417 CISCO |
cisco — ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2020-09-24 | not yet calculated | CVE-2020-3465 CISCO |
cisco — ios_xe_software |
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-09-24 | not yet calculated | CVE-2020-3421 CISCO |
cisco — ios_xe_software |
A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3422 CISCO |
cisco — ios_xe_software |
A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. | 2020-09-24 | not yet calculated | CVE-2020-3476 CISCO |
cisco — ios_xe_wireless_controller_software |
A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this vulnerability by sending a crafted authentication packet to an affected device. A successful exploit could cause an affected device to reload, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3429 CISCO |
cisco — ios_xe_wireless_controller_software |
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3390 CISCO |
cisco — ios_xe_wireless_controller_software |
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition. | 2020-09-24 | not yet calculated | CVE-2020-3428 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. | 2020-09-23 | not yet calculated | CVE-2019-16023 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. | 2020-09-23 | not yet calculated | CVE-2019-16021 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities. | 2020-09-23 | not yet calculated | CVE-2020-3569 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. | 2020-09-23 | not yet calculated | CVE-2019-16019 CISCO |
cisco — managed_services_accelerator |
A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user’s HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | 2020-09-23 | not yet calculated | CVE-2019-15974 CISCO |
cisco — multiple_products |
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account. | 2020-09-23 | not yet calculated | CVE-2020-3143 CISCO |
cisco — multiple_routers |
A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. | 2020-09-24 | not yet calculated | CVE-2020-3524 CISCO |
cisco — network_recording_player_and_webex_player |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2020-09-23 | not yet calculated | CVE-2019-15287 CISCO |
cisco — network_recording_player_and_webex_player |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2020-09-23 | not yet calculated | CVE-2019-15285 CISCO |
cisco — small_business_rv_series_routers |
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user. | 2020-09-23 | not yet calculated | CVE-2019-15957 CISCO |
cisco — small_business_spa500_series_ip_phones |
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context. | 2020-09-23 | not yet calculated | CVE-2019-15959 CISCO |
cisco — small_business_switches |
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files. | 2020-09-23 | not yet calculated | CVE-2019-15993 CISCO |
cisco — telepresence_collaboration_endpoint_and_roomos_software |
Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device. | 2020-09-23 | not yet calculated | CVE-2019-15289 CISCO |
cisco — ucs_c-series_rack_servers |
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. | 2020-09-23 | not yet calculated | CVE-2019-1736 CISCO |
cisco — umbrella_roaming_client |
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications. | 2020-09-23 | not yet calculated | CVE-2019-16000 CISCO |
cisco — unified_communications_manager |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. | 2020-09-23 | not yet calculated | CVE-2019-15963 CISCO |
cisco — unified_communications_manager |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. | 2020-09-23 | not yet calculated | CVE-2020-3135 CISCO |
cisco — unified_contact_center_express |
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root. | 2020-09-23 | not yet calculated | CVE-2019-1888 CISCO |
cisco — unified_customer_voice_portal |
A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validation on specific pages of the OAMP application. An attacker could exploit this vulnerability by authenticating to Cisco Unified CVP and sending crafted HTTP requests. A successful exploit could allow an attacker with administrator or read-only privileges to learn information outside of their expected scope. An attacker with administrator privileges could modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition. | 2020-09-23 | not yet calculated | CVE-2019-16017 CISCO |
cisco — unity_connection |
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system. | 2020-09-23 | not yet calculated | CVE-2020-3130 CISCO |
cisco — vision_dynamic_signage_director |
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API. | 2020-09-23 | not yet calculated | CVE-2019-16004 CISCO |
cisco — web_security_appliance |
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information. | 2020-09-23 | not yet calculated | CVE-2019-15969 CISCO |
cisco — webex |
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly. | 2020-09-23 | not yet calculated | CVE-2020-3116 CISCO |
cisco — webex_network_recording_player_and_webex_player |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2020-09-23 | not yet calculated | CVE-2019-15283 CISCO |
citrix — multiple_products |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | 2020-09-18 | not yet calculated | CVE-2020-8247 MISC |
citrix — multiple_products |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | 2020-09-18 | not yet calculated | CVE-2020-8246 MISC |
citrix — multiple_products |
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. | 2020-09-18 | not yet calculated | CVE-2020-8245 MISC |
citrix — storefront_server |
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | 2020-09-18 | not yet calculated | CVE-2020-8200 MISC |
citrix — xenmobile_server |
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. | 2020-09-18 | not yet calculated | CVE-2020-8253 MISC |
cpanel — cpanel |
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | 2020-09-25 | not yet calculated | CVE-2020-26106 MISC |
cpanel — cpanel |
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | 2020-09-25 | not yet calculated | CVE-2020-26100 MISC |
cpanel — cpanel |
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | 2020-09-25 | not yet calculated | CVE-2020-26101 MISC |
cpanel — cpanel |
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | 2020-09-25 | not yet calculated | CVE-2020-26113 MISC |
cpanel — cpanel |
The email quota cache in cPanel before 90.0.10 allows overwriting of files. | 2020-09-25 | not yet calculated | CVE-2020-26112 MISC |
cpanel — cpanel |
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). | 2020-09-25 | not yet calculated | CVE-2020-26111 MISC |
cpanel — cpanel |
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). | 2020-09-25 | not yet calculated | CVE-2020-26110 MISC |
cpanel — cpanel |
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | 2020-09-25 | not yet calculated | CVE-2020-26109 MISC |
cpanel — cpanel |
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | 2020-09-25 | not yet calculated | CVE-2020-26107 MISC |
cpanel — cpanel |
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | 2020-09-25 | not yet calculated | CVE-2020-26098 MISC |
cpanel — cpanel |
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | 2020-09-25 | not yet calculated | CVE-2020-26105 MISC |
cpanel — cpanel |
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | 2020-09-25 | not yet calculated | CVE-2020-26108 MISC |
cpanel — cpanel |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | 2020-09-25 | not yet calculated | CVE-2020-26104 MISC |
cpanel — cpanel |
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | 2020-09-25 | not yet calculated | CVE-2020-26103 MISC |
cpanel — cpanel |
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | 2020-09-25 | not yet calculated | CVE-2020-26099 MISC |
cpanel — cpanel |
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | 2020-09-25 | not yet calculated | CVE-2020-26102 MISC |
d-link — multiple_devices |
** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. | 2020-09-19 | not yet calculated | CVE-2020-25786 MISC MISC |
f5 — big-ip |
In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods. | 2020-09-25 | not yet calculated | CVE-2020-5930 MISC |
f5 — big-ip |
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms that have Cavium Nitrox SSL hardware acceleration cards and a Virtual Server configured with a Client SSL profile, that use Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange, and that do not have the Single DH use option enabled in the options list may be vulnerable to crafted SSL/TLS handshakes that may result in a PMS (Pre-Master Secret) that starts with a 0 byte. This may lead to recovery of plaintext messages, because BIG-IP TLS/SSL ADH/DHE sends different error messages and so acts as an oracle. Where the error messages are similar when the PMS starts with a 0 byte, very precise timing measurement may also expose this vulnerability. | 2020-09-25 | not yet calculated | CVE-2020-5929 MISC |
fortiguard — fortinac |
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | 2020-09-24 | not yet calculated | CVE-2020-12816 CONFIRM |
fortiguard — fortitester |
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script-related HTML tags via IPv4/IPv6 address fields. | 2020-09-24 | not yet calculated | CVE-2020-12815 CONFIRM |
fortiguard — fortianalyzer |
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors. | 2020-09-24 | not yet calculated | CVE-2020-12817 CONFIRM |
fortiguard — fortigate |
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet-owned IP addresses to go unnoticed. | 2020-09-24 | not yet calculated | CVE-2020-12818 CONFIRM |
fortiguard — fortimanager_and_fortianalyzer |
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) attack via the Identity Provider name field. | 2020-09-24 | not yet calculated | CVE-2020-12811 CONFIRM |
gemtek — wrtm-127acn_and_wrtm-127x9_devices |
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | 2020-09-24 | not yet calculated | CVE-2020-24365 MISC |
general_electric — digital_apm_classic |
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges. | 2020-09-23 | not yet calculated | CVE-2020-16240 MISC |
general_electric — digital_apm_classic |
GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | 2020-09-23 | not yet calculated | CVE-2020-16244 MISC |
general_electric — reason_s20_ethernet_switch |
The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | 2020-09-25 | not yet calculated | CVE-2020-16242 MISC |
getsimple — getsimple_cms |
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. | 2020-09-25 | not yet calculated | CVE-2020-23837 MISC MISC |
glpi — glpi |
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the encrypted data relies on the password used; if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium. | 2020-09-23 | not yet calculated | CVE-2020-11031 MISC CONFIRM |
gon_gem_for_ruby_on_rails — gon_gem_for_ruby_on_rails |
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. | 2020-09-23 | not yet calculated | CVE-2020-25739 CONFIRM MLIST |
google — android |
The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application’s context, which is shown as a full-screen overlay to the user. | 2020-09-25 | not yet calculated | CVE-2020-25203 MISC MISC |
google — chrome | Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6567 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6576 SUSE SUSE SUSE MISC MISC |
google — chrome |
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6566 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6569 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6563 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6568 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6575 SUSE SUSE SUSE MISC MISC |
google — chrome |
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6561 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. | 2020-09-21 | not yet calculated | CVE-2020-6574 SUSE SUSE SUSE MISC MISC |
google — chrome |
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6565 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6560 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6564 SUSE SUSE SUSE MISC MISC FEDORA |
google — chrome |
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-09-21 | not yet calculated | CVE-2020-6559 SUSE SUSE SUSE MISC MISC FEDORA |
hak5 — wifi_pineapple_mark_vii |
A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark VII 1.x before 1.0.1-beta.2020091914551 devices. An unauthenticated user can connect to the wireless management network, including the open wireless network, and access all files and subdirectories under /pineapple/ui, regardless of file permissions. | 2020-09-25 | not yet calculated | CVE-2020-25726 MISC MISC |
hewlett_packard — pay_per_use_utility_computing_service |
Unauthenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | 2020-09-23 | not yet calculated | CVE-2020-24624 MISC |
hewlett_packard — pay_per_use_utility_computing_service |
Unauthenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | 2020-09-23 | not yet calculated | CVE-2020-24625 MISC |
hewlett_packard — pay_per_use_utility_computing_service |
Unauthenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | 2020-09-23 | not yet calculated | CVE-2020-24626 MISC |
hewlett_packard — universal_api_framework |
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware ESXi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). | 2020-09-18 | not yet calculated | CVE-2020-24623 MISC MISC |
ibm — aspera_web_application |
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055. | 2020-09-21 | not yet calculated | CVE-2020-4731 XF CONFIRM |
ibm — business_automation_content_analyzer |
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | 2020-09-21 | not yet calculated | CVE-2020-4315 XF CONFIRM |
ibm — business_automation_workflow_and_business_process_manager |
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. | 2020-09-25 | not yet calculated | CVE-2020-4531 XF CONFIRM |
ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. | 2020-09-25 | not yet calculated | CVE-2020-4727 XF CONFIRM |
ibm — security_secret_server |
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | 2020-09-23 | not yet calculated | CVE-2020-4340 XF CONFIRM |
ibm — security_secret_server |
IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. | 2020-09-23 | not yet calculated | CVE-2020-4324 XF CONFIRM |
ibm — websphere_application_server |
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650. | 2020-09-21 | not yet calculated | CVE-2020-4590 XF CONFIRM |
ignitenet — helios_glinq |
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary JavaScript, this causes a denial-of-service condition for all other users. | 2020-09-23 | not yet calculated | CVE-2020-5781 MISC |
ignitenet — helios_glinq |
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection. | 2020-09-23 | not yet calculated | CVE-2020-5782 MISC |
ignitenet — helios_glinq |
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. | 2020-09-23 | not yet calculated | CVE-2020-5783 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | 2020-09-23 | not yet calculated | CVE-2020-2280 MLIST CONFIRM |
jenkins — jenkins |
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-09-23 | not yet calculated | CVE-2020-2284 MLIST CONFIRM |
jenkins — jenkins |
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. | 2020-09-23 | not yet calculated | CVE-2020-2283 MLIST CONFIRM |
jenkins — jenkins |
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | 2020-09-23 | not yet calculated | CVE-2020-2282 MLIST CONFIRM |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | 2020-09-23 | not yet calculated | CVE-2020-2281 MLIST CONFIRM |
jenkins — jenkins |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. | 2020-09-23 | not yet calculated | CVE-2020-2279 MLIST CONFIRM |
jenkins — jenkins |
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2020-09-23 | not yet calculated | CVE-2020-2285 MLIST CONFIRM |
jerryscript — jerryscript | vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | 2020-09-24 | not yet calculated | CVE-2020-13991 CONFIRM MISC MISC MISC MISC |
joomla — joomla! |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. | 2020-09-24 | not yet calculated | CVE-2020-19447 MISC |
joomla — joomla! |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | 2020-09-25 | not yet calculated | CVE-2020-19455 MISC |
joomla — joomla! |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | 2020-09-25 | not yet calculated | CVE-2020-19450 MISC |
joomla — joomla! |
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | 2020-09-25 | not yet calculated | CVE-2020-19451 MISC |
joplin — joplin |
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag. | 2020-09-24 | not yet calculated | CVE-2020-15930 MISC CONFIRM |
json-bigint — json-bigint |
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. | 2020-09-18 | not yet calculated | CVE-2020-8237 MISC |
lenovo — desktops_and_thinkstation |
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. | 2020-09-24 | not yet calculated | CVE-2020-8333 CONFIRM |
lenovo — enterprise_network_disk |
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user’s browser if a crafted url is visited, possibly through phishing. | 2020-09-24 | not yet calculated | CVE-2020-8347 CONFIRM |
lenovo — enterprise_network_disk |
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user’s current browser session if a crafted url is visited, possibly through phishing. | 2020-09-24 | not yet calculated | CVE-2020-8348 CONFIRM |
libuv — libuv |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | 2020-09-18 | not yet calculated | CVE-2020-8252 MISC MISC |
liferay — liferay_portal_and_liferay_dxp |
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property ‘portlet.resource.id.banned.paths.regexp’ can be bypassed with double encoded URLs. | 2020-09-24 | not yet calculated | CVE-2020-15840 CONFIRM MISC CONFIRM |
liferay — liferay_portal_and_liferay_dxp |
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files. | 2020-09-22 | not yet calculated | CVE-2020-15839 MISC MISC MISC CONFIRM |
linux — linux_kernel |
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | 2020-09-24 | not yet calculated | CVE-2020-26088 MISC MISC |
micro_focus — operation_agent |
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | 2020-09-18 | not yet calculated | CVE-2020-11861 MISC |
micro_focus — operation_bridge_reporter |
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user. | 2020-09-22 | not yet calculated | CVE-2020-11857 MISC MISC |
micro_focus — operation_bridge_reporter |
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. | 2020-09-22 | not yet calculated | CVE-2020-11856 MISC MISC |
micro_focus — operation_bridge_reporter |
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | 2020-09-22 | not yet calculated | CVE-2020-11855 MISC MISC |
mitel — micloud_management_portal |
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. | 2020-09-25 | not yet calculated | CVE-2020-24595 MISC CONFIRM |
mitel — micloud_management_portal |
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | 2020-09-25 | not yet calculated | CVE-2020-24593 MISC CONFIRM |
mitel — micloud_management_portal |
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | 2020-09-25 | not yet calculated | CVE-2020-24592 MISC CONFIRM |
mitel — micloud_management_portal |
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | 2020-09-25 | not yet calculated | CVE-2020-24594 MISC CONFIRM |
mitel — micontact_center_business |
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | 2020-09-25 | not yet calculated | CVE-2020-24692 MISC CONFIRM |
nakivo — backup_and_replication_director |
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable. | 2020-09-24 | not yet calculated | CVE-2020-15850 MISC |
nakivo — backup_and_replication_transporter |
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories. | 2020-09-24 | not yet calculated | CVE-2020-15851 MISC |
nextcloud — desktop_client |
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | 2020-09-18 | not yet calculated | CVE-2020-8225 MISC MISC |
ng-packagr — ng-packagr |
The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option. | 2020-09-25 | not yet calculated | CVE-2020-7735 CONFIRM CONFIRM |
node.js — node.js |
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. | 2020-09-18 | not yet calculated | CVE-2020-8251 MISC MISC |
node.js — node.js |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carriage-return symbols in the HTTP header names. | 2020-09-18 | not yet calculated | CVE-2020-8201 MISC MISC |
oauth-ruby_gem_for_ruby_on_rails — oauth-ruby_gem_for_ruby_on_rails | lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | 2020-09-24 | not yet calculated | CVE-2016-11086 MISC |
observium — multiple_products | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25132 MISC |
observium — multiple_products | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25134 MISC |
observium — multiple_products | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. | 2020-09-25 | not yet calculated | CVE-2020-25141 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25148 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25136 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25147 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. | 2020-09-25 | not yet calculated | CVE-2020-25146 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25145 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php. | 2020-09-25 | not yet calculated | CVE-2020-25143 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25140 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25139 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI. | 2020-09-25 | not yet calculated | CVE-2020-25142 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. | 2020-09-25 | not yet calculated | CVE-2020-25137 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25149 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI. | 2020-09-25 | not yet calculated | CVE-2020-25135 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25133 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI. | 2020-09-25 | not yet calculated | CVE-2020-25131 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field. | 2020-09-25 | not yet calculated | CVE-2020-25130 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. | 2020-09-25 | not yet calculated | CVE-2020-25138 MISC |
observium — multiple_products |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | 2020-09-25 | not yet calculated | CVE-2020-25144 MISC |
openmrs — openmrs |
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed. | 2020-09-25 | not yet calculated | CVE-2020-24621 MISC MISC MISC MISC MISC |
ory — fosite |
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this to her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0. | 2020-09-24 | not yet calculated | CVE-2020-15223 MISC CONFIRM MISC |
ory — fosite |
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using “private_key_jwt” authentication the uniqueness of the `jti` value is not checked. When using client authentication method “private_key_jwt”, OpenId specification says the following about assertion `jti`: “A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties”. Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0. | 2020-09-24 | not yet calculated | CVE-2020-15222 MISC CONFIRM MISC |
pagure — pagure |
Pagure before 5.6 allows XSS via the templates/blame.html blame view. | 2020-09-25 | not yet calculated | CVE-2019-11556 CONFIRM CONFIRM MISC |
pango — hotspot_shield_vpn |
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application. | 2020-09-24 | not yet calculated | CVE-2020-17365 MISC |
peg-markdown — peg-markdown |
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-09-23 | not yet calculated | CVE-2020-25821 MISC |
pexip — infinity |
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. | 2020-09-24 | not yet calculated | CVE-2015-4719 MISC |
pexip — infinity |
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | 2020-09-25 | not yet calculated | CVE-2020-13387 CONFIRM MISC |
pexip — infinity |
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | 2020-09-25 | not yet calculated | CVE-2019-7178 MISC CONFIRM |
pexip — infinity |
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. | 2020-09-25 | not yet calculated | CVE-2017-17477 CONFIRM CONFIRM |
pexip — infinity |
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). | 2020-09-25 | not yet calculated | CVE-2018-10432 CONFIRM MISC |
pexip — infinity |
Pexip Infinity before 18 allows remote Denial of Service (XML parsing). | 2020-09-25 | not yet calculated | CVE-2018-10585 CONFIRM MISC |
pexip — infinity |
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | 2020-09-25 | not yet calculated | CVE-2020-24615 CONFIRM MISC |
pexip — infinity |
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | 2020-09-25 | not yet calculated | CVE-2020-12824 CONFIRM MISC |
pexip — infinity |
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | 2020-09-25 | not yet calculated | CVE-2019-7177 MISC CONFIRM |
pexip — reverse_proxy_and_turn_server |
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | 2020-09-25 | not yet calculated | CVE-2020-11805 CONFIRM |
phpgurukul — zoo_management_system |
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | 2020-09-22 | not yet calculated | CVE-2020-25487 MISC MISC MISC |
ping_identity — pingid_integration_for_windows_login |
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. | 2020-09-23 | not yet calculated | CVE-2020-25826 MISC MISC |
podman — podman |
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. | 2020-09-23 | not yet calculated | CVE-2020-14370 MISC |
prestashop — prestashop |
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8. | 2020-09-24 | not yet calculated | CVE-2020-15162 MISC MISC CONFIRM |
prestashop — prestashop |
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8. | 2020-09-24 | not yet calculated | CVE-2020-15161 MISC MISC CONFIRM |
prestashop — prestashop |
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8. | 2020-09-24 | not yet calculated | CVE-2020-15160 MISC MISC CONFIRM |
qemu — qemu |
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | 2020-09-25 | not yet calculated | CVE-2020-25625 CONFIRM MISC |
qemu — qemu |
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. | 2020-09-25 | not yet calculated | CVE-2020-25084 CONFIRM MISC |
qemu — qemu |
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | 2020-09-25 | not yet calculated | CVE-2020-25085 CONFIRM MISC MISC |
red_hat — ansible_engine |
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. | 2020-09-23 | not yet calculated | CVE-2020-14365 MISC |
red_hat — undertow |
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | 2020-09-23 | not yet calculated | CVE-2020-10687 MISC |
rubetek — multiple_cameras | The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality. | 2020-09-25 | not yet calculated | CVE-2020-25749 MISC |
rubetek — multiple_cameras |
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values. | 2020-09-25 | not yet calculated | CVE-2020-25748 MISC |
rubetek — multiple_cameras |
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings. | 2020-09-25 | not yet calculated | CVE-2020-25747 MISC |
shotcut — shotcut |
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource. | 2020-09-22 | not yet calculated | CVE-2020-24619 MISC CONFIRM |
sophos — sg_utm |
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. | 2020-09-25 | not yet calculated | CVE-2020-25223 MISC CONFIRM |
sourcecodester — simple_library_management_system |
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. | 2020-09-22 | not yet calculated | CVE-2020-25514 MISC MISC MISC |
sourcecodester — simple_library_management_system |
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books. | 2020-09-22 | not yet calculated | CVE-2020-25515 MISC MISC MISC |
spring — framework |
In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 2020-09-19 | not yet calculated | CVE-2020-5421 CONFIRM |
telestream — tektronix_medius_and_sentry |
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page). | 2020-09-22 | not yet calculated | CVE-2020-8887 MISC |
telmat — accesslog |
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network. | 2020-09-24 | not yet calculated | CVE-2020-16148 MISC |
telmat — accesslog |
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via unauthenticated code injection over the network. | 2020-09-24 | not yet calculated | CVE-2020-16147 MISC |
tensorflow — tensorflow | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If a user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15199 MISC MISC CONFIRM |
tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15194 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15205 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault. The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15190 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15191 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15192 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast`. Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15193 MISC MISC CONFIRM |
tensorflow — tensorflow |
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference. In the linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15204 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don’t validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count implementations, weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15196 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15198 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15195 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15200 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15201 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15202 MISC MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format used in a `printf` call is constructed. This may result in a segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15203 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing TensorFlow’s `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixes were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15206 MISC MISC CONFIRM |
tensorflow — tensorflow |
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15197 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out of bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1 or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there is no possible workaround and users are advised to upgrade to patched code. | 2020-09-25 | not yet calculated | CVE-2020-15214 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1 or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there is no possible workaround and users are advised to upgrade to patched code. | 2020-09-25 | not yet calculated | CVE-2020-15213 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1 or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there is no possible workaround and users are advised to upgrade to patched code. | 2020-09-25 | not yet calculated | CVE-2020-15212 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15209 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15210 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15208 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python’s indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is present only in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | not yet calculated | CVE-2020-15207 MISC MISC CONFIRM |
tensorflow — tensorflow_lite |
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don’t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is error-prone, we advise upgrading to the patched code. | 2020-09-25 | not yet calculated | CVE-2020-15211 MISC MISC MISC MISC MISC MISC MISC CONFIRM |
tiny — tiny_rss |
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. | 2020-09-19 | not yet calculated | CVE-2020-25789 MISC MISC |
tiny — tiny_rss |
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. | 2020-09-19 | not yet calculated | CVE-2020-25788 MISC MISC |
tiny — tiny_rss |
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. | 2020-09-19 | not yet calculated | CVE-2020-25787 MISC MISC |
trend_micro — security_2019 |
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified. | 2020-09-24 | not yet calculated | CVE-2020-15604 MISC MISC MISC MISC |
trend_micro — security_2019 |
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | 2020-09-24 | not yet calculated | CVE-2020-24560 MISC MISC MISC MISC |
typeorm — typeorm |
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. | 2020-09-18 | not yet calculated | CVE-2020-8158 MISC |
typesetter — typesetter |
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because “admins are considered trustworthy”; however, the behavior “contradicts our security policy” and is being fixed for 5.2. | 2020-09-19 | not yet calculated | CVE-2020-25790 MISC |
u.s._airforce_research_lab — sensor_data_management_system_website |
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer. | 2020-09-25 | not yet calculated | CVE-2020-13995 MISC |
untis — webuntis |
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information. | 2020-09-24 | not yet calculated | CVE-2020-22453 MISC MISC |
verint — workforce_optimization |
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API. | 2020-09-22 | not yet calculated | CVE-2020-23446 MISC MISC MISC |
vmware — horizon_daas |
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass the two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | 2020-09-22 | not yet calculated | CVE-2020-3977 MISC |
wildfly — elytron |
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-23 | not yet calculated | CVE-2020-10714 MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability. | 2020-09-23 | not yet calculated | CVE-2020-25602 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen’s sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability. | 2020-09-23 | not yet calculated | CVE-2020-25596 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn’t acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. | 2020-09-23 | not yet calculated | CVE-2020-25604 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering. | 2020-09-23 | not yet calculated | CVE-2020-25603 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable. | 2020-09-23 | not yet calculated | CVE-2020-25599 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics. | 2020-09-23 | not yet calculated | CVE-2020-25601 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn’t get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable. | 2020-09-23 | not yet calculated | CVE-2020-25600 FEDORA MISC |
xen — xen |
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that has a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don’t use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability. | 2020-09-23 | not yet calculated | CVE-2020-25598 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable. | 2020-09-23 | not yet calculated | CVE-2020-25597 FEDORA MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen’s MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn’t be able to affect these registers, experience shows that it’s very common for devices to have out-of-spec “backdoor” operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec (“backdoor”) functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it’s better to assume that it does. | 2020-09-23 | not yet calculated | CVE-2020-25595 FEDORA MISC |
ygopro — ygocore |
An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread’s memory. | 2020-09-23 | not yet calculated | CVE-2020-24213 MISC |
zoho — manageengine_applications_manager |
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS). | 2020-09-25 | not yet calculated | CVE-2020-15521 MISC CONFIRM |
zoho — manageengine_applications_manager |
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | 2020-09-25 | not yet calculated | CVE-2020-15394 MISC CONFIRM CONFIRM |