Original release date: October 5, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cpanel — cpanel | cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | 2020-09-25 | 7.5 | CVE-2020-26108 MISC |
| cpanel — cpanel | chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | 2020-09-25 | 7.5 | CVE-2020-26100 MISC |
| cpanel — cpanel | cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | 2020-09-25 | 7.5 | CVE-2020-26098 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | 2020-10-02 | 7.5 | CVE-2020-26539 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | 2020-10-02 | 7.5 | CVE-2020-26537 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | 2020-10-02 | 7.5 | CVE-2020-26535 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | 2020-10-02 | 7.5 | CVE-2020-26534 MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens | 2020-09-30 | 7.5 | CVE-2020-13296 CONFIRM MISC MISC |
| hoosk — hoosk | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | 2020-09-30 | 7.5 | CVE-2020-26042 MISC |
| hoosk — hoosk | An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | 2020-09-30 | 7.5 | CVE-2020-26041 MISC |
| metinfo — metinfo | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. | 2020-09-30 | 7.5 | CVE-2020-20800 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php. | 2020-09-25 | 7.5 | CVE-2020-25147 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php. | 2020-09-25 | 7.5 | CVE-2020-25132 MISC |
| pexip — infinity | Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). | 2020-09-25 | 7.8 | CVE-2018-10432 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | 2020-09-25 | 9.3 | CVE-2020-11805 CONFIRM |
| pexip — pexip_infinity | Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | 2020-09-25 | 9 | CVE-2019-7177 MISC CONFIRM |
| pexip — pexip_infinity | Pexip Infinity before 18 allows remote Denial of Service (XML parsing). | 2020-09-25 | 7.8 | CVE-2018-10585 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | 2020-09-25 | 9 | CVE-2019-7178 MISC CONFIRM |
| rainbowfishsoftware — pacsone_server | RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | 2020-09-30 | 7.5 | CVE-2020-12870 MISC MISC |
| teltonika-networks — trb245_firmware | Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. | 2020-10-01 | 8.5 | CVE-2020-5788 MISC |
| teltonika-networks — trb245_firmware | Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. | 2020-10-01 | 8.5 | CVE-2020-5787 MISC |
| tensorflow — tensorflow | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | 2020-09-25 | 7.5 | CVE-2020-15212 MISC MISC CONFIRM |
| tensorflow — tensorflow | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 7.5 | CVE-2020-15208 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 7.5 | CVE-2020-15205 MISC MISC CONFIRM |
| zohocorp — manageengine_applications_manager | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | 2020-09-25 | 7.5 | CVE-2020-15394 MISC CONFIRM CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cpanel — cpanel | In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | 2020-09-25 | 5 | CVE-2020-26102 MISC |
| cpanel — cpanel | cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). | 2020-09-25 | 4.3 | CVE-2020-26110 MISC |
| cpanel — cpanel | cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | 2020-09-25 | 5 | CVE-2020-26109 MISC |
| cpanel — cpanel | cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | 2020-09-25 | 5 | CVE-2020-26107 MISC |
| cpanel — cpanel | cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | 2020-09-25 | 5 | CVE-2020-26106 MISC |
| cpanel — cpanel | In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | 2020-09-25 | 5 | CVE-2020-26105 MISC |
| cpanel — cpanel | In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | 2020-09-25 | 5 | CVE-2020-26104 MISC |
| cpanel — cpanel | cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). | 2020-09-25 | 4.3 | CVE-2020-26111 MISC |
| cpanel — cpanel | cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | 2020-09-25 | 4.3 | CVE-2020-26113 MISC |
| cpanel — cpanel | In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | 2020-09-25 | 5 | CVE-2020-26103 MISC |
| cpanel — cpanel | In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | 2020-09-25 | 5 | CVE-2020-26101 MISC |
| cpanel — cpanel | cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | 2020-09-25 | 5 | CVE-2020-26099 MISC |
| cpanel — cpanel | The email quota cache in cPanel before 90.0.10 allows overwriting of files. | 2020-09-25 | 5 | CVE-2020-26112 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur. | 2020-10-02 | 5 | CVE-2020-26540 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document. | 2020-10-02 | 4.3 | CVE-2020-26536 MISC |
| froala — froala_editor | Froala Editor before 3.2.2 allows XSS via pasted content. | 2020-10-02 | 4.3 | CVE-2020-26523 MISC |
| ge — s2020_firmware | The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | 2020-09-25 | 4.3 | CVE-2020-16242 MISC |
| gitlab — gitlab | A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. | 2020-09-30 | 6.5 | CVE-2020-13321 CONFIRM MISC |
| gitlab — gitlab | A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. | 2020-09-30 | 6.5 | CVE-2020-13322 CONFIRM MISC |
| gitlab — gitlab | A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service. | 2020-09-30 | 5.5 | CVE-2020-13325 CONFIRM MISC |
| gitlab — gitlab | A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos | 2020-09-30 | 4.3 | CVE-2020-13323 CONFIRM MISC |
| gitlab — gitlab | A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. | 2020-09-30 | 4.3 | CVE-2020-13324 CONFIRM MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. | 2020-09-30 | 4 | CVE-2020-13319 CONFIRM MISC MISC |
| gitlab — gitlab | An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. | 2020-09-30 | 4 | CVE-2020-13320 CONFIRM MISC |
| hoosk — hoosk | An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | 2020-09-30 | 4.3 | CVE-2020-26043 MISC |
| ibm — business_automation_workflow | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. | 2020-09-25 | 5 | CVE-2020-4531 XF CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. | 2020-09-25 | 4.3 | CVE-2020-4727 XF CONFIRM |
| ibm — security_verify_privilege_vault_remote_on-premises | IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. | 2020-09-29 | 4.6 | CVE-2020-4607 XF CONFIRM |
| jdownloads — jdownloads | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | 2020-09-25 | 5 | CVE-2020-19455 MISC |
| jdownloads — jdownloads | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | 2020-09-25 | 5 | CVE-2020-19450 MISC |
| jdownloads — jdownloads | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | 2020-09-25 | 5 | CVE-2020-19451 MISC |
| linux — linux_kernel | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | 2020-10-02 | 6.9 | CVE-2020-26541 MISC |
| mitel — micloud_management_portal | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | 2020-09-25 | 5 | CVE-2020-24592 MISC CONFIRM |
| mitel — micloud_management_portal | Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | 2020-09-25 | 6.8 | CVE-2020-24594 MISC CONFIRM |
| mitel — micloud_management_portal | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. | 2020-09-25 | 5 | CVE-2020-24595 MISC CONFIRM |
| mitel — micloud_management_portal | Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | 2020-09-25 | 6.5 | CVE-2020-24593 MISC CONFIRM |
| mozilla — firefox | Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | 2020-10-01 | 6.8 | CVE-2020-15673 MISC MISC MISC MISC |
| mozilla — firefox | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | 2020-10-01 | 4.3 | CVE-2020-15676 MISC MISC MISC MISC |
| mozilla — firefox | A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | 2020-10-01 | 4.3 | CVE-2020-15668 MISC MISC MISC |
| mozilla — firefox | Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. | 2020-10-01 | 6.8 | CVE-2020-15670 MISC MISC MISC MISC MISC |
| mozilla — firefox | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | 2020-10-01 | 5.8 | CVE-2020-15677 MISC MISC MISC MISC |
| mozilla — firefox | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | 2020-10-01 | 6.8 | CVE-2020-15675 MISC MISC |
| mozilla — firefox | When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | 2020-10-01 | 6.8 | CVE-2020-15678 MISC MISC MISC MISC |
| mozilla — firefox | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. | 2020-10-01 | 6.8 | CVE-2020-15674 MISC MISC |
| mozilla — firefox_esr | When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. | 2020-10-01 | 6.8 | CVE-2020-15669 MISC MISC MISC |
| ng-packagr_project — ng-packagr | The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. | 2020-09-25 | 6.5 | CVE-2020-7735 CONFIRM CONFIRM |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | 2020-09-25 | 6.5 | CVE-2020-25136 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI. | 2020-09-25 | 4.3 | CVE-2020-25131 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php. | 2020-09-25 | 6.5 | CVE-2020-25143 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI. | 2020-09-25 | 4.3 | CVE-2020-25135 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | 2020-09-25 | 6.5 | CVE-2020-25144 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | 2020-09-25 | 6.5 | CVE-2020-25145 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | 2020-09-25 | 6.5 | CVE-2020-25149 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field. | 2020-09-25 | 4 | CVE-2020-25130 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. | 2020-09-25 | 4.3 | CVE-2020-25139 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | 2020-09-25 | 6.5 | CVE-2020-25133 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. | 2020-09-25 | 4.3 | CVE-2020-25140 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. | 2020-09-25 | 4.3 | CVE-2020-25137 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. | 2020-09-25 | 4.3 | CVE-2020-25138 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | 2020-09-25 | 6.5 | CVE-2020-25134 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. | 2020-09-25 | 4.3 | CVE-2020-25141 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI. | 2020-09-25 | 4.3 | CVE-2020-25142 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. | 2020-09-25 | 4.3 | CVE-2020-25146 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php. | 2020-09-25 | 4.3 | CVE-2020-25148 MISC |
| pexip — pexip_infinity | Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | 2020-09-25 | 5 | CVE-2020-24615 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | 2020-09-25 | 5 | CVE-2020-13387 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | 2020-09-25 | 5 | CVE-2020-12824 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. | 2020-09-25 | 4.3 | CVE-2017-17477 CONFIRM CONFIRM |
| qemu — qemu | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | 2020-09-25 | 4.4 | CVE-2020-25085 CONFIRM MISC MISC |
| qemu — qemu | hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | 2020-09-25 | 4.7 | CVE-2020-25625 CONFIRM MISC |
| rainbowfishsoftware — pacsone_server | RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. | 2020-09-30 | 6.5 | CVE-2020-12715 MISC MISC |
| redhat — pagure | Pagure before 5.6 allows XSS via the templates/blame.html blame view. | 2020-09-25 | 4.3 | CVE-2019-11556 CONFIRM CONFIRM MISC |
| teltonika-networks — trb245_firmware | Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | 2020-10-01 | 4 | CVE-2020-5789 MISC |
| teltonika-networks — trb245_firmware | Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 2020-10-01 | 6.8 | CVE-2020-5786 MISC |
| teltonika-networks — trb245_firmware | Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. | 2020-10-01 | 4 | CVE-2020-5784 MISC |
| teltonika-networks — trb245_firmware | Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. | 2020-10-01 | 4.3 | CVE-2020-5785 MISC |
| tensorflow — tensorflow | In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. | 2020-09-25 | 5 | CVE-2020-15191 MISC MISC CONFIRM |
| tensorflow — tensorflow | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 4.3 | CVE-2020-15209 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | 4.3 | CVE-2020-15200 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | 4.3 | CVE-2020-15199 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 6.5 | CVE-2020-15195 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don’t validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | 6.5 | CVE-2020-15196 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | 6.8 | CVE-2020-15201 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 5 | CVE-2020-15190 MISC MISC CONFIRM |
| tensorflow — tensorflow | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | 2020-09-25 | 4.3 | CVE-2020-15213 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | 5.8 | CVE-2020-15198 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow’s `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 5 | CVE-2020-15206 MISC MISC CONFIRM |
| tensorflow — tensorflow | In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 5 | CVE-2020-15204 MISC MISC CONFIRM |
| tensorflow — tensorflow | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | 2020-09-25 | 6.8 | CVE-2020-15214 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 5 | CVE-2020-15203 MISC MISC CONFIRM |
| tensorflow — tensorflow | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python’s indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 6.8 | CVE-2020-15207 MISC MISC CONFIRM |
| tensorflow — tensorflow | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 6.8 | CVE-2020-15202 MISC MISC MISC CONFIRM |
| tensorflow — tensorflow | In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don’t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code. | 2020-09-25 | 5.8 | CVE-2020-15211 MISC MISC MISC MISC MISC MISC MISC CONFIRM |
| tensorflow — tensorflow | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | 2020-09-25 | 5.8 | CVE-2020-15210 MISC MISC CONFIRM |
| trendmicro — apex_one | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. | 2020-09-29 | 6.8 | CVE-2020-25773 N/A N/A |
| zohocorp — manageengine_applications_manager | Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | 2020-09-25 | 4.3 | CVE-2020-15521 MISC CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cmsmadesimple — cms_made_simple | CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | 2020-09-30 | 3.5 | CVE-2020-22842 MISC |
| dpdk — data_plane_development_kit | An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. | 2020-09-30 | 2.1 | CVE-2020-14378 SUSE SUSE MISC UBUNTU MISC |
| gitlab — gitlab | A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. | 2020-09-30 | 3.5 | CVE-2020-13326 CONFIRM MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. | 2020-09-30 | 3.5 | CVE-2020-13328 CONFIRM MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. | 2020-09-30 | 3.5 | CVE-2020-13329 CONFIRM MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. | 2020-09-30 | 3.5 | CVE-2020-13330 CONFIRM MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges. | 2020-09-30 | 3.5 | CVE-2020-13331 CONFIRM MISC |
| ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | 2020-09-30 | 2.1 | CVE-2020-4629 XF CONFIRM |
| mitel — micontact_center_business | The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | 2020-09-25 | 3.6 | CVE-2020-24692 MISC CONFIRM |
| mozilla — firefox | When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80. | 2020-10-01 | 2.6 | CVE-2020-15671 MISC MISC |
| qemu — qemu | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. | 2020-09-25 | 2.1 | CVE-2020-25084 CONFIRM MISC |
| rainbowfishsoftware — pacsone_server | RainbowFish PacsOne Server 6.8.4 allows XSS. | 2020-09-30 | 3.5 | CVE-2020-12869 MISC MISC |
| tensorflow — tensorflow | In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. | 2020-09-25 | 3.5 | CVE-2020-15197 MISC MISC CONFIRM |
| trendmicro — apex_one | An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. | 2020-09-29 | 2.1 | CVE-2020-24564 N/A N/A |
| trendmicro — apex_one | An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | 2020-09-29 | 2.1 | CVE-2020-24565 N/A N/A |
| trendmicro — apex_one | An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | 2020-09-29 | 2.1 | CVE-2020-25770 N/A N/A |
| trendmicro — apex_one | An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | 2020-09-29 | 2.1 | CVE-2020-25771 N/A N/A |
| trendmicro — apex_one | An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | 2020-09-29 | 2.1 | CVE-2020-25772 N/A N/A |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| tigervnc — tigervnc | In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. | 2020-09-27 | not yet calculated | CVE-2020-26117 MISC MISC MISC MISC MISC MISC |
| anixis — password_reset_client |
The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. | 2020-09-30 | not yet calculated | CVE-2018-5354 MISC MISC |
| apache — ant |
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. | 2020-10-01 | not yet calculated | CVE-2020-11979 MISC |
| apache — hadoop |
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. | 2020-09-30 | not yet calculated | CVE-2018-11765 MISC |
| apache — nifi | In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. | 2020-10-01 | not yet calculated | CVE-2020-9487 MISC |
| apache — nifi |
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. | 2020-10-01 | not yet calculated | CVE-2020-9486 MISC |
| apache — nifi |
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). | 2020-10-01 | not yet calculated | CVE-2020-13940 MISC |
| apache — nifi |
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. | 2020-10-01 | not yet calculated | CVE-2020-9491 MISC |
| apache — openmeetings |
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. | 2020-09-30 | not yet calculated | CVE-2020-13951 MISC |
| apache — superset |
In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2. | 2020-09-30 | not yet calculated | CVE-2020-13952 MISC |
| apache — tapestry |
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. | 2020-09-30 | not yet calculated | CVE-2020-13953 MISC |
| artica — pandora_fms |
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | 2020-10-02 | not yet calculated | CVE-2020-26518 MISC |
| artifex — mupdf |
fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap size calculation. | 2020-10-02 | not yet calculated | CVE-2020-26519 MISC MISC |
| atheros — multiple_devices |
A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | 2020-09-30 | not yet calculated | CVE-2019-18991 MISC |
| atlassian — atlaskit/editor-core |
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets. | 2020-10-01 | not yet calculated | CVE-2019-20903 MISC MISC MISC |
| atlassian — crowd |
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1. | 2020-10-01 | not yet calculated | CVE-2019-20902 MISC |
| august — connect_wi-fi_bridge_app |
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. | 2020-09-30 | not yet calculated | CVE-2019-17098 CONFIRM |
| bigbluebutton — greenlight |
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | 2020-09-30 | not yet calculated | CVE-2020-26163 MISC MISC MISC |
| bitdefender — bitdefender_engines |
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448. | 2020-09-30 | not yet calculated | CVE-2020-15731 CONFIRM |
| bitdefender — engines |
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions. | 2020-10-01 | not yet calculated | CVE-2020-8109 CONFIRM |
| bitdefender — engines |
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions. | 2020-10-02 | not yet calculated | CVE-2020-8110 MISC |
| bludit — bludit |
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | 2020-10-02 | not yet calculated | CVE-2020-18190 MISC |
| bootstrap-select — bootstrap-select |
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim’s browser. | 2020-09-30 | not yet calculated | CVE-2019-20921 MISC MISC MISC MISC |
| bosh — system_metrics_server |
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). | 2020-10-02 | not yet calculated | CVE-2020-5422 CONFIRM |
| cloudflared — cloudflared |
`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. | 2020-10-02 | not yet calculated | CVE-2020-24356 CONFIRM |
| cmsmadesimple — cms_made_simple |
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. | 2020-10-01 | not yet calculated | CVE-2020-24860 MISC MISC MISC MISC |
| codelathe — firecloud |
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. | 2020-10-02 | not yet calculated | CVE-2020-26524 MISC MISC |
| damstra — smart_asset |
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. | 2020-10-02 | not yet calculated | CVE-2020-26525 MISC MISC MISC |
| damstra — smart_asset |
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary ‘Origin: example.com’ header and responding with 200 OK and a wildcard ‘Access-Control-Allow-Origin: *’ header. | 2020-10-02 | not yet calculated | CVE-2020-26527 MISC MISC MISC |
| damstra — smart_asset |
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid (“Unable to find an APIDomain” versus “Wrong email or password”). | 2020-10-02 | not yet calculated | CVE-2020-26526 MISC MISC MISC |
| dell — xps_13_9370_bios |
Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. | 2020-10-01 | not yet calculated | CVE-2020-5387 CONFIRM |
| django — rest_framework |
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. | 2020-09-30 | not yet calculated | CVE-2020-25626 MISC |
|
dpdk — dpdk |
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-30 | not yet calculated | CVE-2020-14376 SUSE SUSE MISC UBUNTU MISC |
|
dpdk — dpdk |
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-30 | not yet calculated | CVE-2020-14375 SUSE SUSE MISC UBUNTU MISC |
|
dpdk — dpdk |
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. | 2020-09-30 | not yet calculated | CVE-2020-14377 SUSE SUSE MISC UBUNTU MISC |
| dpdk — dpdk |
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-30 | not yet calculated | CVE-2020-14374 SUSE SUSE MISC MISC |
| eaton — 9000x_programming_and_configuration_software |
A DLL Hijacking vulnerability in Eaton’s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | 2020-09-30 | not yet calculated | CVE-2020-6654 CONFIRM |
| envoy_proxy — envoy |
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | 2020-10-01 | not yet calculated | CVE-2020-25018 MISC MISC |
| envoy_proxy — envoy |
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header. | 2020-10-01 | not yet calculated | CVE-2020-25017 MISC MISC |
| erlang — otp |
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | 2020-10-02 | not yet calculated | CVE-2020-25623 CONFIRM CONFIRM MISC |
| fatek_automation — plc_winproladder |
In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code. | 2020-09-30 | not yet calculated | CVE-2020-16234 MISC |
| foxit — reader_and_phantompdf |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | 2020-10-02 | not yet calculated | CVE-2020-26538 MISC |
| frontaccounting — frontaccounting |
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php. | 2020-09-30 | not yet calculated | CVE-2020-21244 MISC |
| fusionauth — fusionauth-samlv2 |
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a “Signature exclusion attack”. | 2020-10-02 | not yet calculated | CVE-2020-12676 MISC FULLDISC MISC MISC MISC |
| getsimple — getsimple_cms | GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | 2020-10-02 | not yet calculated | CVE-2020-18191 MISC |
| getsimple — getsimple_cms |
GetSimple CMS 3.3.16 allows in parameter ‘permalink’ on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page | 2020-10-01 | not yet calculated | CVE-2020-24861 MISC MISC MISC |
| github — actions/core |
In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified without the intention of the workflow or action author. The runner will release an update that disables the `set-env` and `add-path` workflow commands in the near future. For now, users should upgrade to `@actions/core v1.2.6` or later, and replace any instance of the `set-env` or `add-path` commands in their workflows with the new Environment File Syntax. Workflows and actions using the old commands or older versions of the toolkit will start to warn, then error out during workflow execution. | 2020-10-01 | not yet calculated | CVE-2020-15228 CONFIRM |
| gitlab — gitlab |
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. | 2020-10-02 | not yet calculated | CVE-2020-13338 CONFIRM MISC |
| gitlab — gitlab |
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. | 2020-10-02 | not yet calculated | CVE-2020-13337 CONFIRM MISC |
| gitlab — gitlab |
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature. | 2020-09-30 | not yet calculated | CVE-2020-13336 CONFIRM MISC |
| google — apple_encounter_notification |
An issue was discovered in the GAEN (aka Google Apple Encounter Notification) protocol through 2020-08-27, as used in Corona applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or dis-proving an encounter notification. | 2020-09-30 | not yet calculated | CVE-2020-24721 MISC MISC MISC FULLDISC |
| goxmldsig — goxmldsig |
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0 | 2020-09-29 | not yet calculated | CVE-2020-15216 MISC CONFIRM MISC |
| halo — halo | An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system. | 2020-09-30 | not yet calculated | CVE-2020-21522 MISC |
| halo — halo |
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | 2020-09-30 | not yet calculated | CVE-2020-21526 MISC |
| halo — halo |
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | 2020-09-30 | not yet calculated | CVE-2020-21525 MISC |
| halo — halo |
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. | 2020-09-30 | not yet calculated | CVE-2020-21527 MISC |
| halo — halo |
There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423 | 2020-09-30 | not yet calculated | CVE-2020-21524 MISC |
| halo — halo |
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test=”freemarker.template.utility.Execute”?new()> ${test(“touch /tmp/freemarkerPwned”)} | 2020-09-30 | not yet calculated | CVE-2020-21523 MISC |
| handlebars — handlebars |
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. | 2020-09-30 | not yet calculated | CVE-2019-20922 MISC MISC MISC |
| handlebars — handlebars |
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS). | 2020-09-30 | not yet calculated | CVE-2019-20920 MISC MISC MISC |
| harbor — harbor |
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. | 2020-09-30 | not yet calculated | CVE-2020-13794 MISC MISC MISC |
| hashicorp — vault_and_vault_enterprise |
HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control. | 2020-09-30 | not yet calculated | CVE-2020-25816 CONFIRM MISC |
| hcl — digital_experience |
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. | 2020-10-01 | not yet calculated | CVE-2020-14223 MISC |
| hewlett_packard_enterprise — ip_console_switches |
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 2020-10-02 | not yet calculated | CVE-2020-24628 MISC |
| hewlett_packard_enterprise — ip_console_switches |
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 2020-10-02 | not yet calculated | CVE-2020-24627 MISC |
| hfish — hfish |
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information. | 2020-09-30 | not yet calculated | CVE-2020-22481 MISC |
| ibm — websphere_application_server |
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. | 2020-10-01 | not yet calculated | CVE-2020-4576 XF CONFIRM |
| istio — istio |
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. | 2020-10-01 | not yet calculated | CVE-2020-16844 MISC CONFIRM |
| jwt-go — jwt-go |
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m[“aud”] (which is allowed by the specification). Because the type assertion fails, “” is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. | 2020-09-30 | not yet calculated | CVE-2020-26160 MISC MISC |
| lansweeper — lansweeper |
In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. | 2020-09-30 | not yet calculated | CVE-2020-13658 MISC MISC |
| leanote — desktop |
Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. | 2020-09-30 | not yet calculated | CVE-2020-26158 MISC |
| leanote — desktop |
Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled during syncing. This leads to remote code execution because of Node integration. | 2020-09-30 | not yet calculated | CVE-2020-26157 MISC |
| libproxy — libproxy |
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | 2020-09-30 | not yet calculated | CVE-2020-26154 MISC MISC FEDORA |
| live_helper_chat– live_helper_chat |
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. | 2020-10-02 | not yet calculated | CVE-2020-26134 MISC MISC MISC |
| live_helper_chat– live_helper_chat |
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. | 2020-10-02 | not yet calculated | CVE-2020-26135 MISC MISC MISC |
| logaritmo — aware_callmanager_2012 |
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | 2020-09-30 | not yet calculated | CVE-2020-26150 MISC |
| mantisbt — mantisbt |
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php. | 2020-09-30 | not yet calculated | CVE-2020-25830 MISC MISC |
| mantisbt — mantisbt |
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input’s pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. | 2020-09-30 | not yet calculated | CVE-2020-25288 MISC MISC |
| mantisbt — mantisbt |
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. | 2020-09-30 | not yet calculated | CVE-2020-25781 MISC MISC MISC |
| mapfish — mapfish-print
|
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. | 2020-10-02 | not yet calculated | CVE-2020-15232 MISC CONFIRM |
| mapfish — mapfish-print |
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. | 2020-10-02 | not yet calculated | CVE-20https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-1523120-15231 MISC CONFIRM |
| mb_connect_line — mymbconnect24_and_mbconnect24 |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information. | 2020-09-30 | not yet calculated | CVE-2020-24569 CONFIRM |
| mb_connect_line — mymbconnect24_and_mbconnect24 |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. | 2020-10-02 | not yet calculated | CVE-2020-24568 CONFIRM |
| mb_connect_line — mymbconnect24_and_mbconnect24 |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | 2020-09-30 | not yet calculated | CVE-2020-24570 CONFIRM |
| md4c — md4c |
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. | 2020-09-30 | not yet calculated | CVE-2020-26148 MISC |
| mediatek — mt7620n_devices |
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | 2020-09-30 | not yet calculated | CVE-2019-18989 MISC |
| mediawiki — mediawiki |
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki. | 2020-09-27 | not yet calculated | CVE-2020-25869 CONFIRM MISC MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn’t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) | 2020-09-27 | not yet calculated | CVE-2020-25828 MISC CONFIRM MISC |
| mediawiki — mediawiki |
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against “page creation” and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. | 2020-09-27 | not yet calculated | CVE-2020-26121 MISC MISC MISC |
| mediawiki — mediawiki |
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery’s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. | 2020-09-27 | not yet calculated | CVE-2020-26120 MISC MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). | 2020-09-27 | not yet calculated | CVE-2020-25815 MISC CONFIRM MISC |
| mediawiki — mediawiki |
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. | 2020-09-27 | not yet calculated | CVE-2020-25813 CONFIRM MISC MISC |
| mediawiki — mediawiki |
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it’s empty, etc.). The actual result is that the object contains an <a href =”javascript… that executes when clicked. | 2020-09-27 | not yet calculated | CVE-2020-25814 CONFIRM MISC MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. | 2020-09-27 | not yet calculated | CVE-2020-25812 MISC CONFIRM MISC |
| mediawiki — mediawiki |
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. | 2020-09-27 | not yet calculated | CVE-2020-25827 CONFIRM MISC MISC |
| mozilla — firefox |
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | 2020-10-01 | not yet calculated | CVE-2020-15666 MISC MISC MISC |
| mozilla — firefox |
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. | 2020-10-01 | not yet calculated | CVE-2020-15667 MISC MISC |
| mozilla — firefox |
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. | 2020-10-01 | not yet calculated | CVE-2020-15665 MISC MISC |
| mozilla — multiple_products | By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. | 2020-10-01 | not yet calculated | CVE-2020-15664 MISC MISC MISC MISC MISC MISC MISC |
| mozilla — multiple_products |
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. | 2020-10-01 | not yet calculated | CVE-2020-15663 MISC MISC MISC MISC MISC MISC |
| msi — ambientlink_mslo64_driver |
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054). | 2020-10-02 | not yet calculated | CVE-2020-17382 MISC MISC MISC |
| nacos — nacos |
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284) | 2020-09-30 | not yet calculated | CVE-2020-19676 MISC |
| nats — nats.js |
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. | 2020-09-30 | not yet calculated | CVE-2020-26149 CONFIRM MISC MISC |
| nette — nette |
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | 2020-10-01 | not yet calculated | CVE-2020-15227 CONFIRM MISC MISC |
| niushop — b2b2c_multi-business_basic_edition |
Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell. | 2020-09-30 | not yet calculated | CVE-2020-19672 MISC |
| niushop — b2b2c_multi-business_basic_edition |
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. | 2020-09-30 | not yet calculated | CVE-2020-19670 MISC |
| nvidia — virtual_gpu_manager | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5989 CONFIRM |
| nvidia — virtual_gpu_manager |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5983 CONFIRM |
| nvidia — virtual_gpu_manager |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5984 CONFIRM |
| nvidia — virtual_gpu_manager |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5986 CONFIRM |
| nvidia — virtual_gpu_manager |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5987 CONFIRM |
| nvidia — virtual_gpu_manager |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5988 CONFIRM |
| nvidia — virtual_gpu_manager |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | 2020-10-02 | not yet calculated | CVE-2020-5985 CONFIRM |
| nvidia — windows_gpu_display_Driver |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service. | 2020-10-02 | not yet calculated | CVE-2020-5980 CONFIRM |
| nvidia — windows_gpu_display_driver |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution. | 2020-10-02 | not yet calculated | CVE-2020-5981 CONFIRM |
| nvidia — windows_gpu_display_driver |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service. | 2020-10-02 | not yet calculated | CVE-2020-5982 CONFIRM |
| nvidia — windows_gpu_display_driver |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges. | 2020-10-02 | not yet calculated | CVE-2020-5979 CONFIRM |
| oniguruma — oniguruma |
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c . | 2020-09-30 | not yet calculated | CVE-2020-26159 MLIST MISC MISC |
| openmediavault — openmediavault |
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | 2020-10-02 | not yet calculated | CVE-2020-26124 MISC CONFIRM |
| ory — fosite |
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1. | 2020-10-02 | not yet calculated | CVE-2020-15233 MISC CONFIRM |
| ory — fosite |
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client’s registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback. Then perform an OAuth2 flow and requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request for example). This vulnerability has been patched in ORY Fosite v0.34.1. | 2020-10-02 | not yet calculated | CVE-2020-15234 MISC CONFIRM |
| ozeki — ng_sms_gateway |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. | 2020-09-30 | not yet calculated | CVE-2020-14030 MISC MISC |
| php — php |
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. | 2020-10-02 | not yet calculated | CVE-2020-7070 MISC MISC MISC FEDORA |
| php — php |
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | 2020-10-02 | not yet calculated | CVE-2020-7069 MISC FEDORA |
| pluck — cms |
An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. | 2020-09-30 | not yet calculated | CVE-2020-21564 MISC |
| pluxxml — pluxxml |
In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | 2020-10-02 | not yet calculated | CVE-2020-18184 MISC |
| pluxxml — pluxxml |
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | 2020-10-02 | not yet calculated | CVE-2020-18185 MISC |
| powerdns — authoritative |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when –enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | 2020-10-02 | not yet calculated | CVE-2020-24696 MISC |
| powerdns — authoritative |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when –enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. | 2020-10-02 | not yet calculated | CVE-2020-24698 CONFIRM |
| powerdns — authoritative |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when –enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. | 2020-10-02 | not yet calculated | CVE-2020-24697 CONFIRM |
| powerdns — authoritative_server |
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | 2020-10-02 | not yet calculated | CVE-2020-17482 CONFIRM MISC |
| pritunl — pritnul |
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. | 2020-10-01 | not yet calculated | CVE-2020-25200 MISC MISC MISC |
| projectworlds — visitor_management_system |
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc. | 2020-09-30 | not yet calculated | CVE-2020-25761 MISC FULLDISC MISC |
| projectworlds — visitor_management_system |
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the ‘rid’ parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | 2020-09-30 | not yet calculated | CVE-2020-25760 MISC FULLDISC MISC |
| pulse_secure — pulse_connect_secure | A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). | 2020-09-30 | not yet calculated | CVE-2020-8238 MISC |
| pulse_secure — pulse_connect_secure |
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability. | 2020-09-30 | not yet calculated | CVE-2020-8256 MISC |
| pulse_secure — pulse_connect_secure |
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | 2020-09-30 | not yet calculated | CVE-2020-8243 MISC |
| python — python |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 2020-09-27 | not yet calculated | CVE-2020-26116 MISC MISC |
| qemu — qemu |
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. | 2020-10-02 | not yet calculated | CVE-2020-25741 CONFIRM MISC MISC |
| re:desk — re:desk | Re:Desk 2.3 allows insecure file upload. | 2020-09-30 | not yet calculated | CVE-2020-15488 MISC MISC |
| re:desk — re:desk | Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application’s database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework’s bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). | 2020-09-30 | not yet calculated | CVE-2020-15849 MISC MISC |
| re:desk — re:desk |
Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained. | 2020-09-30 | not yet calculated | CVE-2020-15487 MISC MISC |
| realtek — multiple_devices |
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | 2020-09-30 | not yet calculated | CVE-2019-18990 MISC |
| reddoxx — maildepot_2032_sp2 |
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. | 2020-10-02 | not yet calculated | CVE-2019-19199 MISC MISC MISC MISC |
| rittal — cmc_pu_iii_devices |
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim’s information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session. | 2020-10-01 | not yet calculated | CVE-2019-19393 MISC MISC |
| secudos — domos |
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). | 2020-10-02 | not yet calculated | CVE-2020-14293 MISC MISC MISC MISC MISC |
| secudos — qiata_fta |
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | 2020-10-02 | not yet calculated | CVE-2020-14294 MISC MISC MISC MISC MISC |
| snyk — bmoor |
The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function. | 2020-10-02 | not yet calculated | CVE-2020-7736 MISC MISC |
| snyk — safetydance |
All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | 2020-10-02 | not yet calculated | CVE-2020-7737 MISC |
| snyk — shiba |
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad(). | 2020-10-02 | not yet calculated | CVE-2020-7738 CONFIRM |
| sonicwall — ssl-vpn_products |
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | 2020-09-30 | not yet calculated | CVE-2020-5132 CONFIRM |
| sourcecodester — seat_reservation_system |
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. | 2020-09-30 | not yet calculated | CVE-2020-25762 MISC FULLDISC MISC |
| sourcecodester — seat_reservation_system |
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. | 2020-09-30 | not yet calculated | CVE-2020-25763 MISC FULLDISC MISC |
| sysaid — sysaid |
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | 2020-10-02 | not yet calculated | CVE-2020-13168 MISC MISC |
| trend_micro — antivirus_for_mac_2020 |
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2020-10-02 | not yet calculated | CVE-2020-25776 N/A N/A |
| trend_micro — apex_one |
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. | 2020-09-29 | not yet calculated | CVE-2020-24563 N/A N/A |
| trend_micro — apex_one_servermigration_tool |
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-29 | not yet calculated | CVE-2020-25774 N/A N/A |
| trend_micro — office_scan_xg_sp1 |
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556. | 2020-09-29 | not yet calculated | CVE-2020-24562 N/A N/A |
| trend_micro — security_2020 |
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges. | 2020-09-29 | not yet calculated | CVE-2020-25775 N/A N/A |
| unisys — stealth |
Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable Format. | 2020-10-01 | not yet calculated | CVE-2020-24620 CONFIRM MISC |
| urllib3 — urllib3 |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | 2020-09-30 | not yet calculated | CVE-2020-26137 MISC MISC MISC |
| vapor — vapor |
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4. | 2020-10-02 | not yet calculated | CVE-2020-15230 MISC MISC CONFIRM |
| wago — multiple_products | Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions. | 2020-09-30 | not yet calculated | CVE-2020-12506 CONFIRM |
| wago — multiple_products |
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions. | 2020-09-30 | not yet calculated | CVE-2020-12505 CONFIRM |
| wavlink — wn530h4_router | A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. | 2020-10-02 | not yet calculated | CVE-2020-12125 MISC MISC |
| wavlink — wn530h4_router |
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. | 2020-10-02 | not yet calculated | CVE-2020-12124 MISC MISC |
| wavlink — wn530h4_router |
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work. | 2020-10-02 | not yet calculated | CVE-2020-12123 MISC MISC |
| wavlink — wn530h4_router |
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | 2020-10-02 | not yet calculated | CVE-2020-12126 MISC MISC |
| wavlink — wn530h4_router |
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | 2020-10-02 | not yet calculated | CVE-2020-12127 MISC MISC |
| websitebaker — websitebaker |
WebsiteBaker 2.12.2 allows SQL Injection via parameter ‘display_name’ in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | 2020-10-01 | not yet calculated | CVE-2020-25990 MISC MISC |
| wordpress — wordpress |
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. | 2020-10-02 | not yet calculated | CVE-2020-26511 MISC MISC MISC |
| zoho — application_control_plus |
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access. | 2020-09-30 | not yet calculated | CVE-2020-15595 MISC |
| zoho — application_control_plus |
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. | 2020-09-30 | not yet calculated | CVE-2020-15594 MISC |
| zoho — manageengie_desktop_central |
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | 2020-10-02 | not yet calculated | CVE-2020-24397 MISC CONFIRM |
| zoho — manageengine_adselfservice_plus |
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required | 2020-09-30 | not yet calculated | CVE-2018-5353 MISC MISC MISC |
| zoho — manageengine_application_manager |
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | 2020-10-01 | not yet calculated | CVE-2020-15533 MISC CONFIRM CONFIRM |
| zoho — manageengine_desktop_central |
A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution. | 2020-10-02 | not yet calculated | CVE-2020-15589 MISC CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.