Original release date: July 13, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atlassian — jira_server_and_data_center |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1. | 2020-07-03 | 7.5 | CVE-2020-14172 MISC |
| gog — galaxy_client |
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks. | 2020-07-05 | 9.3 | CVE-2020-15529 MISC |
| gog — galaxy_client |
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks. | 2020-07-05 | 9.3 | CVE-2020-15528 MISC |
| google — android |
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020). | 2020-07-07 | 7.1 | CVE-2020-15584 CONFIRM |
| mobileiron — core_and_connector |
An Authentication Bypass vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to bypass authentication mechanisms via unspecified vectors. | 2020-07-07 | 7.5 | CVE-2020-15506 MISC |
| mobileiron — core_and_connector |
A remote code execution vulnerability in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. | 2020-07-07 | 7.5 | CVE-2020-15505 MISC |
| mozilla — firefox |
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. | 2020-07-09 | 7.6 | CVE-2020-12422 MISC MISC |
| mozilla — firefox |
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77. | 2020-07-09 | 9.3 | CVE-2020-12411 MISC MISC |
| mozilla — firefox |
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. | 2020-07-09 | 9.3 | CVE-2020-12416 MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | 2020-07-09 | 9.3 | CVE-2020-12406 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | 2020-07-09 | 9.3 | CVE-2020-12410 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | 2020-07-09 | 9.3 | CVE-2020-12420 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | 2020-07-09 | 9.3 | CVE-2020-12419 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | 2020-07-09 | 9.3 | CVE-2020-12417 MISC MISC MISC MISC |
| phpzag — phpzag |
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql | 2020-07-07 | 7.5 | CVE-2020-8519 MLIST MISC MISC |
| phpzag — phpzag |
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql | 2020-07-07 | 7.5 | CVE-2020-8520 MLIST MISC MISC |
| phpzag — phpzag |
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql | 2020-07-07 | 7.5 | CVE-2020-8521 MLIST MISC MISC |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. | 2020-07-05 | 7.5 | CVE-2020-15541 MISC |
| we-com — opendata_cms |
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. | 2020-07-05 | 7.5 | CVE-2020-15540 MISC MISC |
| webchess — webchess |
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. | 2020-07-07 | 7.5 | CVE-2019-20896 CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-07-06 | 6.8 | CVE-2019-8249 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-07-06 | 6.8 | CVE-2019-8250 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. | 2020-07-06 | 4.3 | CVE-2019-8251 CONFIRM |
| atlassian — jira_server_and_data_center |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. | 2020-07-03 | 4.4 | CVE-2019-20419 MISC |
| atlassian — jira_server_and_data_center |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. | 2020-07-03 | 4 | CVE-2019-20418 N/A |
| electron — electron |
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using “contextIsolation” are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. | 2020-07-07 | 4 | CVE-2020-15096 CONFIRM MISC |
| huawei — hisuite |
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker’s choosing. | 2020-07-06 | 4.4 | CVE-2020-9100 MISC |
| huawei — mate_30_smartphones |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution. | 2020-07-06 | 6.8 | CVE-2020-9262 MISC |
| huawei — mate_30_smartphones |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution. | 2020-07-06 | 6.8 | CVE-2020-9261 MISC |
| huawei — p30_smartphones |
HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device. | 2020-07-06 | 4.3 | CVE-2020-9226 MISC |
| milkytracker — playergeneric |
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. | 2020-07-06 | 4.3 | CVE-2020-15569 MISC |
| mobileiron — core_and_connector |
An arbitrary file reading vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to read files on the system via unspecified vectors. | 2020-07-07 | 5 | CVE-2020-15507 MISC |
| mods_for_hesk — mods_for_hesk | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user’s logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. | 2020-07-09 | 4.3 | CVE-2020-13992 MISC |
| mozilla — firefox |
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | 2020-07-09 | 4.3 | CVE-2020-12424 MISC MISC |
| mozilla — firefox |
When “%2F” was present in a manifest URL, Firefox’s AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | 2020-07-09 | 4.3 | CVE-2020-12415 MISC MISC |
| mozilla — firefox |
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. | 2020-07-09 | 4.3 | CVE-2020-12425 MISC MISC |
| mozilla — firefox |
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as ‘1’, and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. | 2020-07-09 | 4.3 | CVE-2020-12412 MISC MISC |
| mozilla — firefox |
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | 2020-07-09 | 6.8 | CVE-2020-12409 MISC MISC |
| mozilla — firefox |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. | 2020-07-09 | 4.3 | CVE-2020-12402 MISC MISC |
| mozilla — firefox |
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | 2020-07-09 | 4.3 | CVE-2020-12408 MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | 2020-07-09 | 4.3 | CVE-2020-12418 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. | 2020-07-09 | 6.8 | CVE-2018-12371 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | 2020-07-09 | 4.3 | CVE-2020-12421 MISC MISC MISC MISC |
|
mozilla — firefox_and_firefox_esr_and_thunderbird |
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | 2020-07-09 | 4.3 | CVE-2020-12399 MISC MISC MISC MISC |
| mozilla — firefox_for_ios |
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can’t call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26. | 2020-07-09 | 4.3 | CVE-2020-12404 MISC MISC |
| mozilla — firefox_for_ios |
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. | 2020-07-09 | 4.3 | CVE-2020-12414 MISC MISC |
| parallax — jspdf |
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex. | 2020-07-06 | 4.3 | CVE-2020-7691 MISC MISC MISC MISC MISC |
| phplist — phplist |
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. | 2020-07-08 | 6.5 | CVE-2020-15072 MISC CONFIRM CONFIRM |
| samsung — multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020). | 2020-07-07 | 4.3 | CVE-2020-15582 CONFIRM |
| samsung — multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020). | 2020-07-07 | 5 | CVE-2020-15579 CONFIRM |
| samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). | 2020-07-07 | 5 | CVE-2020-15581 CONFIRM |
| victor_cms — victor_cms |
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. | 2020-07-07 | 4.3 | CVE-2020-15599 CONFIRM |
| whoopsie — whoopsie |
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. | 2020-07-06 | 4.3 | CVE-2020-15570 MISC MISC MISC MISC |
| wireshark — wireshark |
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. | 2020-07-05 | 5 | CVE-2020-15466 MISC MISC MISC |
| wordpress — wordpress |
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. | 2020-07-05 | 4.3 | CVE-2020-15535 MISC MISC |
| wordpress — wordpress |
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | 2020-07-05 | 4.3 | CVE-2020-15537 MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atlassian — jira_server_and_data_center |
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | 2020-07-03 | 3.5 | CVE-2020-14173 MISC |
| huawei — mate_30_pro_smartphones |
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user’s face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential. | 2020-07-06 | 1.9 | CVE-2020-1838 MISC |
| huawei — mate_30_smartphones |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution. | 2020-07-06 | 3.7 | CVE-2020-1839 MISC |
| huawei — p30_smartphones |
HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function’s default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | 2020-07-06 | 2.9 | CVE-2020-1836 MISC |
| mozilla — firefox |
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77. | 2020-07-09 | 2.6 | CVE-2020-12407 MISC MISC |
| mozilla — firefox_and_firefox_esr_and_thunderbird |
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | 2020-07-09 | 2.6 | CVE-2020-12405 MISC MISC MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. | 2020-07-07 | 3.5 | CVE-2020-15034 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. | 2020-07-07 | 3.5 | CVE-2020-15035 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. | 2020-07-07 | 3.5 | CVE-2020-15032 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. | 2020-07-07 | 3.5 | CVE-2020-15033 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. | 2020-07-07 | 3.5 | CVE-2020-15030 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. | 2020-07-07 | 3.5 | CVE-2020-15031 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. | 2020-07-07 | 3.5 | CVE-2020-15029 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. | 2020-07-07 | 3.5 | CVE-2020-15028 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. | 2020-07-07 | 3.5 | CVE-2020-15036 MISC MISC |
| nedi_consulting — nedi |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. | 2020-07-07 | 3.5 | CVE-2020-15037 MISC MISC |
| phplist — phplist |
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. | 2020-07-08 | 3.5 | CVE-2020-15073 MISC CONFIRM CONFIRM |
| samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020). | 2020-07-07 | 2.1 | CVE-2020-15583 CONFIRM |
| samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020). | 2020-07-07 | 2.1 | CVE-2020-15577 CONFIRM |
| samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). | 2020-07-07 | 2.1 | CVE-2020-15578 CONFIRM |
| samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020). | 2020-07-07 | 2.1 | CVE-2020-15580 CONFIRM |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-07-06 | not yet calculated | CVE-2019-8066 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. | 2020-07-06 | not yet calculated | CVE-2019-8252 CONFIRM |
| amazon_web_services — tough |
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation. | 2020-07-09 | not yet calculated | CVE-2020-15093 MISC CONFIRM MISC MISC |
| apache — camel |
Server-Side Template Injection and arbitrary file disclosure on Camel templating components | 2020-07-08 | not yet calculated | CVE-2020-11994 MISC |
|
atlassian — bitbucket_server |
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. | 2020-07-09 | not yet calculated | CVE-2020-14171 MISC |
| atlassian — bitbucket_server |
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. | 2020-07-09 | not yet calculated | CVE-2020-14170 MISC |
| bareos — bareos |
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director’s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10. | 2020-07-10 | not yet calculated | CVE-2020-11061 MISC CONFIRM |
| bareos — bareos |
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director’s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8. | 2020-07-10 | not yet calculated | CVE-2020-4042 MISC CONFIRM |
| boiteasite — cmsuno |
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. | 2020-07-07 | not yet calculated | CVE-2020-15600 CONFIRM |
| checkpoint — zonealarm_firewall_and_antivirus | ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. | 2020-07-06 | not yet calculated | CVE-2020-6013 MISC |
| citrix — application_delivery_controller_and_gateway | Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. | 2020-07-10 | not yet calculated | CVE-2020-8197 MISC |
| citrix — application_delivery_controller_and_gateway | Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | 2020-07-10 | not yet calculated | CVE-2020-8190 MISC |
| citrix — application_delivery_controller_and_gateway |
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | 2020-07-10 | not yet calculated | CVE-2020-8187 MISC |
| citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. | 2020-07-10 | not yet calculated | CVE-2020-8194 MISC |
| citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | 2020-07-10 | not yet calculated | CVE-2020-8195 MISC |
| citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | 2020-07-10 | not yet calculated | CVE-2020-8196 MISC |
| citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. | 2020-07-10 | not yet calculated | CVE-2020-8193 MISC |
| citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). | 2020-07-10 | not yet calculated | CVE-2020-8198 MISC |
| citrix — application_delivery_controller_and_gateway_and_sdwan_wan-op |
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). | 2020-07-10 | not yet calculated | CVE-2020-8191 MISC |
| citrix — gateway_plug-in_for_linux | Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. | 2020-07-10 | not yet calculated | CVE-2020-8199 MISC |
| code42_software — code42 |
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection. | 2020-07-07 | not yet calculated | CVE-2020-12736 CONFIRM MISC |
| d-link — dr-610_devices | ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-07-09 | not yet calculated | CVE-2020-9377 MISC CONFIRM MISC |
| d-link — dr-610_devices |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-07-09 | not yet calculated | CVE-2020-9376 MISC CONFIRM MISC |
| dell — emc_data_protection_advisor |
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. | 2020-07-06 | not yet calculated | CVE-2020-5352 MISC |
| dell — emc_idrac9 |
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files. | 2020-07-09 | not yet calculated | CVE-2020-5366 MISC |
| dell — emc_isilon_onefs_and_emc_powerscale |
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. | 2020-07-06 | not yet calculated | CVE-2020-5371 MISC |
| dell — emc_powerstore |
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. | 2020-07-06 | not yet calculated | CVE-2020-5372 MISC |
| dell — emc_vxrail | Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. | 2020-07-06 | not yet calculated | CVE-2020-5368 MISC |
|
dell — powerprotect_data_manager_and_powerprotect_x400 |
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. | 2020-07-06 | not yet calculated | CVE-2020-5356 MISC |
| devcert — devcert |
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. | 2020-07-10 | not yet calculated | CVE-2020-8186 MISC |
| django-two-factor-auth — django-two-factor-auth |
Django Two-Factor Authentication before 1.12, stores the user’s password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you’re using Django’s default database session storage, then users’ passwords are stored in clear text in your database. In the best case, if you’re using Django’s signed cookie session, then users’ passwords are only stored in clear text within their browser’s cookie store. In the common case of using Django’s cache session store, the users’ passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you’re using the database session backend, you’ll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, wwitching Django’s session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading. | 2020-07-10 | not yet calculated | CVE-2020-15105 MISC MISC CONFIRM |
| eclipse — jetty |
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). | 2020-07-09 | not yet calculated | CVE-2019-17638 CONFIRM |
| electron — electron |
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | 2020-07-07 | not yet calculated | CVE-2020-4077 CONFIRM MISC |
| electron — electron |
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | 2020-07-07 | not yet calculated | CVE-2020-4076 CONFIRM MISC |
| electron — electron |
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | 2020-07-07 | not yet calculated | CVE-2020-4075 CONFIRM MISC |
| freebsd — freebsd | In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. | 2020-07-09 | not yet calculated | CVE-2020-7458 MISC |
| freebsd — freebsd |
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution. | 2020-07-09 | not yet calculated | CVE-2020-7457 MISC |
| geovision — door_access_control_device | Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. | 2020-07-08 | not yet calculated | CVE-2020-3931 CONFIRM CONFIRM |
| gitlab — gitlab_enterprise_edition |
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | 2020-07-07 | not yet calculated | CVE-2020-15525 CONFIRM MISC MISC |
| google — openthread_wpantund |
A memory leak in Openthread’s wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments. | 2020-07-07 | not yet calculated | CVE-2020-8916 CONFIRM |
| google-oauth-client — google-oauth-client | PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. | 2020-07-09 | not yet calculated | CVE-2020-7692 MISC MISC MISC MISC MISC |
| gossipsub — gossipsub |
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. | 2020-07-07 | not yet calculated | CVE-2020-12821 MISC CONFIRM CONFIRM MISC MISC |
| hcl — appscan_enterprise | “HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy.” | 2020-07-07 | not yet calculated | CVE-2019-4324 CONFIRM MISC |
| hcl — appscan_enterprise |
“HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.” | 2020-07-07 | not yet calculated | CVE-2019-4323 MISC CONFIRM |
| hibernate — orm |
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. | 2020-07-06 | not yet calculated | CVE-2019-14900 MISC |
| hpe — icewall_sso_dfw_and_dgfw |
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess | 2020-07-08 | not yet calculated | CVE-2020-7140 MISC |
| huawei — changxiang_8_plus |
ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition. | 2020-07-06 | not yet calculated | CVE-2020-1837 MISC |
| huawei — multiple_products |
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. | 2020-07-08 | not yet calculated | CVE-2019-19415 CONFIRM |
| huawei — multiple_products |
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. | 2020-07-08 | not yet calculated | CVE-2019-19416 CONFIRM |
| huawei — multiple_products |
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. | 2020-07-08 | not yet calculated | CVE-2019-19417 CONFIRM |
| huawei — p30_and_p30_pro_smartphones |
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function’s default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | 2020-07-10 | not yet calculated | CVE-2020-9260 MISC |
| huawei — p30_smartphones | HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak. | 2020-07-10 | not yet calculated | CVE-2020-9258 MISC |
| ibm — guardium_activity_insights |
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. | 2020-07-09 | not yet calculated | CVE-2020-4173 XF CONFIRM |
| ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. | 2020-07-09 | not yet calculated | CVE-2020-4305 XF CONFIRM |
| icehrm — icehrm |
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-07-10 | not yet calculated | CVE-2020-6114 MISC |
| idera — froala_wysiwyg_editor | Froala Editor before 3.0.6 allows XSS. | 2020-07-07 | not yet calculated | CVE-2019-19935 MISC MISC |
| libslirp — libslirp |
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. | 2020-07-09 | not yet calculated | CVE-2020-10756 MISC |
| mavlink — micro_air_vehicle_link_protocol |
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable. | 2020-07-03 | not yet calculated | CVE-2020-10282 CONFIRM |
| mavlink — micro_air_vehicle_link_protocol |
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic. | 2020-07-03 | not yet calculated | CVE-2020-10281 CONFIRM |
| mcafee — mcafee_total_protection |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 2020-07-03 | not yet calculated | CVE-2020-7281 CONFIRM |
| mcafee — mcafee_total_protection |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 2020-07-03 | not yet calculated | CVE-2020-7282 CONFIRM |
| mcafee — mcafee_total_protection |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. | 2020-07-03 | not yet calculated | CVE-2020-7283 CONFIRM |
| mcafee — network_security_management | Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). | 2020-07-03 | not yet calculated | CVE-2020-7284 MISC |
| mercari — mercari |
Android App ‘Mercari’ (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView. | 2020-07-09 | not yet calculated | CVE-2020-5604 MISC |
| micro_focus — identity_manager |
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. | 2020-07-08 | not yet calculated | CVE-2020-11849 MISC MISC |
| mitsubishi_electric — got2000_series_devices | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-07-07 | not yet calculated | CVE-2020-5599 MISC MISC |
| mitsubishi_electric — got2000_series_devices | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-07-07 | not yet calculated | CVE-2020-5598 MISC MISC |
| mitsubishi_electric — got2000_series_devices | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-07-07 | not yet calculated | CVE-2020-5600 MISC MISC |
| mitsubishi_electric — got2000_series_devices |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-07-07 | not yet calculated | CVE-2020-5596 MISC MISC |
| mitsubishi_electric — got2000_series_devices |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-07-07 | not yet calculated | CVE-2020-5595 MISC MISC |
| mitsubishi_electric — got2000_series_devices |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-07-07 | not yet calculated | CVE-2020-5597 MISC MISC |
| mods_for_hesk — mods_for_hesk |
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | 2020-07-09 | not yet calculated | CVE-2020-13994 MISC |
| mods_for_hesk — mods_for_hesk |
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | 2020-07-09 | not yet calculated | CVE-2020-13993 MISC |
| mozilla — firefox | When the Windows DLL “webauthn.dll” was missing from the Operating System, and a malicious one was placed in a folder in the user’s %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | 2020-07-09 | not yet calculated | CVE-2020-12423 MISC MISC |
| mozilla — firefox |
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. | 2020-07-09 | not yet calculated | CVE-2020-12426 MISC MISC |
| mozilla — thunderbird |
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. | 2020-07-09 | not yet calculated | CVE-2020-12398 MISC MISC |
| mx_player — mx_player_for_android |
MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in “Receive” mode. An attacker can exploit this by connecting to the MX Transfer session as a “sender” and sending a MessageType of “FILE_LIST” with a “name” field containing directory traversal characters (../). This will result in the file being transferred to the victim’s phone, but being saved outside of the intended “/sdcard/MXshare” directory. In some instances, an attacker can achieve remote code execution by writing “.odex” and “.vdex” files in the “oat” directory of the MX Player application. | 2020-07-08 | not yet calculated | CVE-2020-5764 MISC |
| nextcloud — nextcloud_contacts | A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | 2020-07-10 | not yet calculated | CVE-2020-8181 MISC MISC |
| nordic_semiconductor — android_ble_library_and_dfu_library |
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). | 2020-07-07 | not yet calculated | CVE-2020-15509 MISC MISC MISC |
| northwestern_university_knight_lab — timelinejs | In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document. Some TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised. Version 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is “sanitized” before being added to the DOM. For content intended for simple text display, all markup is stripped. Very few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that **those users will automatically begin using the new code**. The only exception would be users who have deliberately edited the embed URL to “pin” their timeline to an earlier version of the code. Some users of TimelineJS use it as a part of a wordpress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS. | 2020-07-09 | not yet calculated | CVE-2020-15092 CONFIRM MISC |
| npm — cli |
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like “<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>”. The password value is not redacted and is printed to stdout and also to any generated log files. | 2020-07-07 | not yet calculated | CVE-2020-15095 MISC MISC CONFIRM |
| nvidia — jetpack_sdk |
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. | 2020-07-08 | not yet calculated | CVE-2020-5974 CONFIRM |
| osquery — osquery |
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0. | 2020-07-10 | not yet calculated | CVE-2020-11081 MISC MISC MISC MISC CONFIRM |
| palo_alto_networks — pan-os |
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services. | 2020-07-08 | not yet calculated | CVE-2020-2030 MISC |
| palo_alto_networks — pan-os |
An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. This issue does not impact PAN-OS 8.1, PAN-OS 9.0, or Prisma Access services. | 2020-07-08 | not yet calculated | CVE-2020-2031 MISC |
| palo_alto_networks — pan-os |
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue. | 2020-07-08 | not yet calculated | CVE-2020-1982 MISC |
| palo_alto_networks — pan-os_globalprotect |
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability. | 2020-07-08 | not yet calculated | CVE-2020-2034 MISC |
| parallax — jspdf |
In all versions of package jspdf, it is possible to inject JavaScript code via the html method. | 2020-07-06 | not yet calculated | CVE-2020-7690 MISC MISC MISC MISC MISC MISC |
| python — python |
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | 2020-07-04 | not yet calculated | CVE-2020-15523 MISC MISC |
| raonwiz — raonwiz | RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows. | 2020-07-10 | not yet calculated | CVE-2020-7814 MISC |
| realtek — multiple_devices |
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2’s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. | 2020-07-06 | not yet calculated | CVE-2020-9395 MISC MISC MISC |
| redgate — sql_monitor |
In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7. | 2020-07-09 | not yet calculated | CVE-2020-15526 CONFIRM |
| riot — riot |
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow. | 2020-07-07 | not yet calculated | CVE-2020-15350 MISC MISC |
| roundcube — roundcube_webmail |
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | 2020-07-06 | not yet calculated | CVE-2020-15562 MISC MISC MISC MISC DEBIAN |
| samba — samba |
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | 2020-07-06 | not yet calculated | CVE-2020-14303 MISC CONFIRM MISC |
| samba — samba |
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. | 2020-07-07 | not yet calculated | CVE-2020-10730 MISC MISC |
| samba — samba |
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. | 2020-07-07 | not yet calculated | CVE-2020-10745 MISC MISC |
| samba — samba |
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. | 2020-07-06 | not yet calculated | CVE-2020-10760 MISC UBUNTU MISC |
| shirasagi — shirasagi |
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2020-07-10 | not yet calculated | CVE-2020-5607 MISC MISC MISC MISC MISC |
| sockjs — sockjs |
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | 2020-07-09 | not yet calculated | CVE-2020-7693 MISC MISC MISC MISC MISC MISC |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. | 2020-07-07 | not yet calculated | CVE-2020-15574 CONFIRM |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. | 2020-07-05 | not yet calculated | CVE-2020-15542 MISC |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. | 2020-07-07 | not yet calculated | CVE-2020-15575 CONFIRM |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U File Server before 15.2.1 has a “Cross-script vulnerability,” aka Case Numbers 00041778 and 00306421. | 2020-07-07 | not yet calculated | CVE-2020-15573 CONFIRM |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | 2020-07-05 | not yet calculated | CVE-2020-15543 MISC |
| solarwinds — serv-u_ftp_server | SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. | 2020-07-07 | not yet calculated | CVE-2020-15576 CONFIRM |
| sophos — xg_firewall |
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. | 2020-07-10 | not yet calculated | CVE-2020-15504 CONFIRM |
| symantec — endpoint_detection_and_response | Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 2020-07-08 | not yet calculated | CVE-2020-5839 MISC |
| tableau — tableau_server | A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. | 2020-07-08 | not yet calculated | CVE-2020-6938 MISC MISC |
| telefonica_germany — o2_business_for_android |
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | 2020-07-07 | not yet calculated | CVE-2020-11882 MISC MISC |
| tobesoft — xplatform | XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows. | 2020-07-10 | not yet calculated | CVE-2020-7815 MISC MISC |
| typo3 — typo3 | The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. | 2020-07-07 | not yet calculated | CVE-2020-15513 MISC CONFIRM |
| typo3 — typo3 | The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. | 2020-07-07 | not yet calculated | CVE-2020-15514 MISC CONFIRM |
| typo3 — typo3 | The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution. | 2020-07-07 | not yet calculated | CVE-2020-15515 MISC CONFIRM |
| typo3 — typo3 | The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. | 2020-07-07 | not yet calculated | CVE-2020-15517 MISC CONFIRM |
| typo3 — typo3 | The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | 2020-07-07 | not yet calculated | CVE-2020-15516 MISC CONFIRM |
| valve — steam_client |
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITYSYSTEM privileges because some parts of %PROGRAMFILES(X86)%Steam and/or %COMMONPROGRAMFILES(X86)%Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks. | 2020-07-05 | not yet calculated | CVE-2020-15530 MISC |
|
veeam — availability_suite_and_backup_and_replication |
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | 2020-07-03 | not yet calculated | CVE-2020-15518 MISC |
| venki — supravizio_bpm | Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | 2020-07-07 | not yet calculated | CVE-2020-15367 MISC MISC |
| venki — supravizio_bpm |
A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | 2020-07-07 | not yet calculated | CVE-2020-15392 MISC MISC |
|
vmware — fusion_and_remote_console_for_mac_and_horizon_client_for_mac |
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. | 2020-07-10 | not yet calculated | CVE-2020-3974 MISC |
| vmware — velocloud_orchestrator | The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged. | 2020-07-08 | not yet calculated | CVE-2020-3973 MISC |
| we-com — municipality_portal_cms | XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. | 2020-07-05 | not yet calculated | CVE-2020-15538 MISC MISC |
| we-com — municipality_portal_cms |
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. | 2020-07-05 | not yet calculated | CVE-2020-15539 MISC MISC |
| wordpress — wordpress |
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. | 2020-07-05 | not yet calculated | CVE-2020-15536 MISC MISC |
| wordpress — wordpress |
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim’s browser. | 2020-07-09 | not yet calculated | CVE-2020-15299 MISC |
| xen — xen |
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests’ dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest’s video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability. | 2020-07-07 | not yet calculated | CVE-2020-15563 MLIST MISC |
| xen — xen |
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. | 2020-07-07 | not yet calculated | CVE-2020-15564 MLIST MISC |
| xen — xen |
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen’s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. | 2020-07-07 | not yet calculated | CVE-2020-15565 MLIST MISC |
| xen — xen |
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit. | 2020-07-07 | not yet calculated | CVE-2020-15566 MLIST MISC |
| xen — xen |
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable. | 2020-07-07 | not yet calculated | CVE-2020-15567 MLIST MISC |
| yubico — libykpiv | An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. | 2020-07-09 | not yet calculated | CVE-2020-13132 MISC CONFIRM |
| yubico — libykpiv |
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token. | 2020-07-09 | not yet calculated | CVE-2020-13131 MISC CONFIRM |
| yubico — yubikey_5_devices |
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required. | 2020-07-09 | not yet calculated | CVE-2020-15000 CONFIRM |
| yubico — yubikey_5_nfc_devices | An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.) | 2020-07-09 | not yet calculated | CVE-2020-15001 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.