Vulnerability Summary for the Week of April 6, 2020

Original release date: April 13, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3xlogic — infinias_eidc32
 
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side’s interpretation of the <KEY>MYKEY</KEY> substring. 2020-04-04 7.5 CVE-2020-11542
MISC
adb-driver — abd-driver
 
adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. 2020-04-06 7.5 CVE-2020-7636
MISC
MISC
advantech — webaccess/nms
 
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. 2020-04-09 7.5 CVE-2020-10625
MISC
advantech — webaccess/nms
 
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). 2020-04-09 10 CVE-2020-10621
MISC
advantech — webaccess/nms
 
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS’s (versions prior to 3.0.2) control. 2020-04-09 7.5 CVE-2020-10631
MISC

amcrest — multiple_cameras_and_network_video_recorders

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. 2020-04-08 8 CVE-2020-5735
MISC
MISC
avira– free_antivirus
 
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality. 2020-04-09 7.5 CVE-2020-8961
CONFIRM
canonical — microk8s
 
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. 2020-04-08 7.2 CVE-2019-15789
CONFIRM
CONFIRM
CONFIRM
CONFIRM
centreon — centreon
 
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. 2020-04-06 9 CVE-2019-19699
MISC
MISC
MISC
MISC
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file. 2020-04-06 7.5 CVE-2020-11598
MISC
cipplanner — cipace
 
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. 2020-04-06 7.5 CVE-2020-11586
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. 2020-04-06 7.5 CVE-2020-11597
MISC
compass-compile — compass-compile
 
compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. 2020-04-06 7.5 CVE-2020-7635
MISC
MISC
dell — latitude_7202_rugged_tablet
 
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. 2020-04-04 7.2 CVE-2020-5348
MISC
diskusage-ng — diskusage-ng
 
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. 2020-04-06 7.5 CVE-2020-7631
MISC
MISC
extplorer — extplorer
 
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian 2020-04-10 7.5 CVE-2019-7305
MISC
general_electric — mark_vie_controller
 
GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. 2020-04-07 7.2 CVE-2019-13559
MISC
gitlab — gitlab_enterprise_and_community_editions
 
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. 2020-04-08 7.5 CVE-2020-10980
CONFIRM
MISC
gpac — gpac
 
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes. 2020-04-05 7.5 CVE-2020-11558
MISC
MISC
heroku-addonpool — heroku-addonpool
 
heroku-addonpool through 0.1.15 is vulnerable to Command Injection. 2020-04-06 7.5 CVE-2020-7634
MISC
MISC
hirschmann_automation_and_control — hios_and_hisecos A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. 2020-04-03 7.5 CVE-2020-6994
MISC
honeywell — notifier_web_server
 
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. 2020-04-07 7.5 CVE-2020-6974
MISC
ibm — api_connect_developer_toolkit
 
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. 2020-04-06 7.5 CVE-2020-7633
MISC
MISC
jooby — jooby
 
All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false which means it does not validates that the header isn’t being abused for HTTP Response Splitting. 2020-04-06 7.5 CVE-2020-7622
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. 2020-04-08 10 CVE-2019-20636
MISC
MISC
MISC
netty — netty
 
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. 2020-04-07 7.5 CVE-2020-11612
MISC
MISC
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
node-mpv — node-mpv
 
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. 2020-04-06 7.5 CVE-2020-7632
MISC
MISC
npm-programmatic — npg-programmatic
 
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the ‘exec’ function directly. 2020-04-07 7.5 CVE-2020-7614
MISC
MISC
opsramp — gateway
 
OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. 2020-04-08 10 CVE-2020-11543
MISC
palo_alto_networks — global_protect_agent
 
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows; 2020-04-08 7.2 CVE-2020-1988
MISC
palo_alto_networks — global_protect_agent
 
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. 2020-04-08 7.2 CVE-2020-1989
MISC
palo_alto_networks — pan-os
 
A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1. 2020-04-08 9 CVE-2020-1990
MISC
palo_alto_networks — pan-os
 
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls. 2020-04-08 9.3 CVE-2020-1992
MISC
palo_alto_networks — secdo
 
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with ‘create folders or append data’ access to the root of the OS disk (C:) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. 2020-04-08 7.2 CVE-2020-1984
MISC
primekey — ejbca
 
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized. 2020-04-08 7.5 CVE-2020-11630
MISC
project_worlds — official_car_rental_system
 
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. 2020-04-06 7.5 CVE-2020-11545
MISC
pulse_secure — pulse_connect_secure
 
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. 2020-04-06 9.3 CVE-2020-11581
MISC
CONFIRM
qemu — qemu
 
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. 2020-04-06 7.5 CVE-2020-11102
MLIST
MISC
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018). 2020-04-08 10 CVE-2018-21049
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017). 2020-04-07 7.5 CVE-2017-18683
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). There are multiple buffer overflows in the bootloader. The Samsung ID is SVE-2016-7930 (March 2017). 2020-04-07 10 CVE-2017-18681
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8889, SVE-2017-8891, and SVE-2017-8892 (August 2017). 2020-04-07 7.5 CVE-2017-18655
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in process_cipher_tdea. The Samsung ID is SVE-2017-8973 (July 2017). 2020-04-07 7.5 CVE-2017-18661
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018). 2020-04-08 10 CVE-2018-21050
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020). 2020-04-08 10 CVE-2020-11600
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). 2020-04-08 10 CVE-2018-21055
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018). 2020-04-08 7.5 CVE-2018-21065
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016). 2020-04-07 7.8 CVE-2016-11031
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018). 2020-04-08 7.5 CVE-2018-21087
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020). 2020-04-08 7.5 CVE-2020-11603
CONFIRM
MISC
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018). 2020-04-08 7.2 CVE-2018-21070
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018). 2020-04-08 10 CVE-2018-21066
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018). 2020-04-08 7.5 CVE-2018-21075
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018). 2020-04-08 7.5 CVE-2018-21071
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver’s input booster. The Samsung ID is SVE-2017-11816 (August 2018). 2020-04-08 7.5 CVE-2018-21064
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016). 2020-04-07 7.8 CVE-2016-11039
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016). 2020-04-07 7.5 CVE-2016-11025
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016). 2020-04-07 7.8 CVE-2016-11026
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018). 2020-04-08 7.5 CVE-2018-21054
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017). 2020-04-07 7.8 CVE-2017-18685
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash, The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017). 2020-04-07 7.8 CVE-2017-18682
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. SLocation can cause a system crash via a call to an API that is not implemented. The Samsung ID is SVE-2017-8285 (April 2017). 2020-04-07 7.8 CVE-2017-18679
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.0) software. The time service (aka Timaservice) allows a kernel panic. The Samsung ID is SVE-2017-8593 (May 2017). 2020-04-07 7.8 CVE-2017-18674
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). 2020-04-08 10 CVE-2018-21063
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). 2020-04-07 7.5 CVE-2016-11033
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018). 2020-04-08 10 CVE-2018-21090
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018). 2020-04-08 10 CVE-2018-21089
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018). 2020-04-08 10 CVE-2018-21072
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018). 2020-04-08 7.8 CVE-2018-21091
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017). 2020-04-07 7.5 CVE-2017-18684
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018). 2020-04-08 7.5 CVE-2018-21058
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017). 2020-04-07 7.5 CVE-2017-18652
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017). 2020-04-07 7.5 CVE-2017-18696
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). 2020-04-08 10 CVE-2018-21051
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018). 2020-04-08 10 CVE-2018-21052
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018). 2020-04-08 7.8 CVE-2018-21088
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). 2020-04-07 7.5 CVE-2016-11036
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018). 2020-04-08 7.5 CVE-2018-21044
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018). 2020-04-08 7.5 CVE-2018-21042
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app’s startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). 2020-04-08 7.5 CVE-2018-21038
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016). 2020-04-07 7.5 CVE-2016-11028
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017). 2020-04-07 7.5 CVE-2017-18693
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software. There are multiple Buffer Overflows in TSP sysfs cmd_store. The Samsung ID is SVE-2016-7500 (January 2017). 2020-04-07 7.5 CVE-2017-18691
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017). 2020-04-07 7.5 CVE-2017-18690
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn’t implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016). 2020-04-07 7.5 CVE-2016-11038
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016). 2020-04-07 7.1 CVE-2016-11034
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018). 2020-04-08 10 CVE-2018-21057
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in tlc_server. The Samsung ID is SVE-2017-8888 (July 2017). 2020-04-07 7.5 CVE-2017-18660
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016). 2020-04-07 7.5 CVE-2016-11051
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. There is a muic_set_reg_sel heap-based buffer overflow during the reading of MUIC register values. The Samsung ID is SVE-2017-10011 (December 2017). 2020-04-08 7.5 CVE-2017-18644
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. There is a panel_lpm sysfs stack-based buffer overflow. The Samsung ID is SVE-2017-9414 (December 2017). 2020-04-08 7.5 CVE-2017-18645
CONFIRM
sqlite — sqlite
 
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. 2020-04-09 7.5 CVE-2020-11656
MISC
MISC
suse — openstack_cloud_and_openstack_cloud_crowbar
 
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-. 2020-04-03 7.2 CVE-2018-17954
CONFIRM
tencent — qqbrowser
 
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITYAuthenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITYSYSTEM by writing a malicious executable to the location of TsService. 2020-04-09 7.2 CVE-2020-10551
MISC
MISC
testlink — testlink
 
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. 2020-04-03 7.5 CVE-2020-8638
MISC
CONFIRM
testlink — testlink
 
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. 2020-04-03 7.5 CVE-2020-8637
MISC
CONFIRM

universal_robots — cb2_sw_and_cb3_sw_and_e-series_sw_robot_controllers

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization. 2020-04-06 9 CVE-2020-10265
CONFIRM
utils-extend — utils-extend
 
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. 2020-04-03 7.5 CVE-2020-8147
MISC
visam — vbase_editor_and_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. 2020-04-03 7.2 CVE-2020-7004
MISC
visam — vbase_editor_and_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code. 2020-04-03 7.5 CVE-2020-10599
MISC
wordpress — wordpress
 
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed. 2020-04-05 7.5 CVE-2020-11548
MISC
MISC
wordpress — wordpress
 
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. 2020-04-07 7.5 CVE-2020-11514
MISC
MISC
MISC
xiaomi — xiaoai_speaker_pro_lx06
 
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers’ voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. 2020-04-08 7.2 CVE-2020-10263
MISC
MISC
MISC
xiaomi — xiaoai_speaker_pro_lx06
 
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers’ voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. 2020-04-08 7.2 CVE-2020-10262
MISC
MISC
MISC
zhejiang_dahua_technology — multiple_products Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. 2020-04-09 7.5 CVE-2020-9499
MISC
zoho — manageengine_adselfservice_plus
 
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. 2020-04-04 7.5 CVE-2020-11518
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advantech — webaccess/nms There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. 2020-04-09 5 CVE-2020-10617
MISC
advantech — webaccess/nms WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. 2020-04-09 6.5 CVE-2020-10603
MISC
advantech — webaccess/nms Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. 2020-04-09 4 CVE-2020-10623
MISC
advantech — webaccess/nms An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS’s (versions prior to 3.0.2) control. 2020-04-09 6.4 CVE-2020-10619
MISC
advantech — webaccess/nms WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. 2020-04-09 5 CVE-2020-10629
MISC

amcrest — multiple_cameras_and_network_video_recorders

 

Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device. 2020-04-08 6.8 CVE-2020-5736
MISC

argo — argo_cd

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts within Argo. 2020-04-08 5 CVE-2020-11576
MISC
MISC
MISC

argo — argo_cd

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere. 2020-04-08 6.5 CVE-2020-8828
MISC
MISC
MISC

argo — argo_cd

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. 2020-04-09 4 CVE-2018-21034
MISC
MISC
MISC
MISC
argo — argo_cd
 
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. 2020-04-08 5 CVE-2020-8827
MISC
MISC
MISC
MISC
argo — argo_cd
 
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication. 2020-04-08 5 CVE-2020-8826
MISC
MISC
MISC
auth0 — auth0.js
 
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3 2020-04-09 4 CVE-2020-5263
MISC
CONFIRM
bit2spr — bit2spr
 
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file. 2020-04-04 5 CVE-2020-11528
MISC
MISC
bitdefender — high-level_antimalware__sdk_for_windows Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . 2020-04-07 4.6 CVE-2020-8096
CONFIRM
broadcom — management_center
 
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user’s web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. 2020-04-10 4.3 CVE-2019-18376
MISC
castle_rock_computing — snmpc_online An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. 2020-04-09 6.8 CVE-2020-11553
MISC
castle_rock_computing — snmpc_online An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. 2020-04-09 5 CVE-2020-11554
MISC
castle_rock_computing — snmpc_online An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. 2020-04-09 5 CVE-2020-11555
MISC
castle_rock_computing — snmpc_online An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request’s cookie value. 2020-04-09 5 CVE-2020-11557
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path. 2020-04-06 5 CVE-2020-11594
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address. 2020-04-06 5 CVE-2020-11593
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name. 2020-04-06 5 CVE-2020-11591
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. 2020-04-06 5 CVE-2020-11592
MISC
cipplanner — cipace
 
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. 2020-04-06 5 CVE-2020-11589
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path. 2020-04-06 5 CVE-2020-11595
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths. 2020-04-06 5 CVE-2020-11588
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name. 2020-04-06 5 CVE-2020-11590
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user. 2020-04-06 5 CVE-2020-11599
MISC
cipplanner — cipace
 
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. 2020-04-06 5 CVE-2020-11596
MISC
cipplanner — cipace
 
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server. 2020-04-06 5 CVE-2020-11587
MISC
clamscan — clamscan
 
clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue. 2020-04-07 6.8 CVE-2020-7613
MISC
MISC
class-transformer — class-transformer class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The ‘classToPlainFromExist’ function could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload. 2020-04-06 5 CVE-2020-7637
MISC
MISC
code::blocks — code::blocks
 
A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. 2020-04-08 4.3 CVE-2020-10814
MISC
MISC
MISC
communilink — clink_office
 
A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 2020-04-07 4.3 CVE-2020-6171
MISC
confinit — confinit
 
confinit through 0.3.0 is vulnerable to Prototype Pollution.The ‘setDeepProperty’ function could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload. 2020-04-06 5 CVE-2020-7638
MISC
MISC
dell — emc_isilon_onefs
 
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. 2020-04-04 5 CVE-2020-5347
MISC
dnn_software — dnn There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. 2020-04-06 4 CVE-2020-11585
MISC
eclipse — che A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod. 2020-04-03 4.9 CVE-2020-10689
CONFIRM
MISC
eivindfjeldstad-dot — eivindfjeldstad-dot eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function ‘set’ could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘__proto__’ payload. 2020-04-06 5 CVE-2020-7639
MISC
MISC
express-mock-middleware — express-mock-middlware
 
express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. 2020-04-07 5 CVE-2020-7616
MISC
MISC
facebook — instragram_for_android
 
A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. 2020-04-09 6.8 CVE-2020-1895
CONFIRM
facebook — oculus_desktop
 
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file. 2020-04-08 4.6 CVE-2020-1885
CONFIRM
fortinet — fortiadc
 
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. 2020-04-07 6.8 CVE-2020-9286
MISC
fortinet — multiple_products
 
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. 2020-04-07 5 CVE-2019-17657
CONFIRM
fsa — fsa
 
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of ‘execGitCommand()’, located within ‘lib/rep.js#63’ can be controlled by users without any sanitization to inject arbitrary commands. 2020-04-07 4.6 CVE-2020-7615
MISC
MISC
general_electric –mark_vie_controller
 
GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service. 2020-04-07 6.5 CVE-2019-13554
MISC

gitlab — gitlab_enterprise_and_community_editions

GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers’ pipeline trigger descriptions within the same project. 2020-04-08 4 CVE-2020-10981
CONFIRM
MISC

gitlab — gitlab_enterprise_and_community_editions

GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. 2020-04-08 4 CVE-2020-10975
CONFIRM
MISC

gitlab — gitlab_enterprise_and_community_editions

GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. 2020-04-08 5 CVE-2020-10976
CONFIRM
MISC

gitlab — gitlab_enterprise_and_community_editions

GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. 2020-04-08 4 CVE-2020-10979
CONFIRM
MISC
gitlab — gitlab_enterprise_and_community_editions
 
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. 2020-04-08 5 CVE-2020-10978
CONFIRM
MISC
gnutls — gnutls GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 ‘’ bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. 2020-04-03 6.4 CVE-2020-11501
SUSE
MISC
MISC
DEBIAN
MISC
grav — grav
 
Common/Grav.php in Grav before 1.6.23 has an Open Redirect. 2020-04-04 5.8 CVE-2020-11529
MISC
MISC
greenbrowser — greenbrowser
 
GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in version 1.2. 2020-04-08 4.3 CVE-2020-11000
MISC
CONFIRM
hcl — appscan_standard_edition
 
HCL AppScan Standard is vulnerable to excessive authorization attempts 2020-04-07 5 CVE-2019-4393
MISC
hcl — appscan_standard_edition
 
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data 2020-04-07 6.4 CVE-2019-4391
MISC
hms_networks — ewon_flexy_and_cosy
 
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. 2020-04-08 4.3 CVE-2020-10633
MISC
ibm — quality_manager
 
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295. 2020-04-08 4 CVE-2019-4603
XF
CONFIRM
ibm — quality_manager
 
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system. 2020-04-08 4 CVE-2019-4601
XF
CONFIRM
ibm — security_information_queue
 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333. 2020-04-08 5.5 CVE-2020-4290
XF
CONFIRM
ibm — security_information_queue
 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334. 2020-04-08 4.3 CVE-2020-4291
XF
CONFIRM
ibm — security_information_queue
 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205. 2020-04-08 4 CVE-2020-4282
XF
CONFIRM
ibm — security_information_queue
 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207. 2020-04-08 5 CVE-2020-4284
XF
CONFIRM
ibm — security_information_queue
 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332. 2020-04-08 5 CVE-2020-4289
XF
CONFIRM
ibm — security_information_queue
 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400. 2020-04-08 4 CVE-2020-4164
XF
CONFIRM
ibm — spectrum_scale
 
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. 2020-04-03 6.9 CVE-2020-4273
XF
CONFIRM

ibm — websphere_application_server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. 2020-04-10 6.5 CVE-2020-4362
XF
CONFIRM
ixsystems — freenas_and_truenas
 
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. 2020-04-08 5 CVE-2020-11650
MISC
CONFIRM
jenkins — jenkins
 
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. 2020-04-07 4.3 CVE-2020-2174
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-04-07 4 CVE-2020-2172
MLIST
CONFIRM

linux — linux_kernel

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. 2020-04-10 5 CVE-2020-11669
MISC
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. 2020-04-09 5 CVE-2020-11668
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. 2020-04-06 4.6 CVE-2020-11565
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. 2020-04-07 4.9 CVE-2020-11609
MISC
MISC
MISC
logicaldoc — logicaldoc LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. 2020-04-08 5 CVE-2020-10366
MISC
MISC
malwarebytes — adwcleaner
 
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. 2020-04-06 6.9 CVE-2020-11507
CONFIRM
mediawiki — mediawiki
 
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). 2020-04-03 5 CVE-2020-10960
CONFIRM
CONFIRM
mh-wikibot — mh-wikibot
 
MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1. 2020-04-07 6.4 CVE-2020-5302
MISC
CONFIRM
mongodb — mongodb X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. 2020-04-09 4 CVE-2020-7922
MISC
nch_software — express_invoice
 
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the “Add New Item” screen. 2020-04-07 6.5 CVE-2020-11561
MISC
MISC
MISC
paessler — prtg_network_monitor
 
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm. 2020-04-05 5 CVE-2020-11547
MISC
palo_alto_networks — secdo_for_windows
 
Improper input validation vulnerability in Secdo allows an authenticated local user with ‘create folders or append data’ access to the root of the OS disk (C:) to cause a system crash on every login. This issue affects all versions Secdo for Windows. 2020-04-08 4.9 CVE-2020-1986
MISC
palo_alto_networks — secdo_for_windows
 
Incorrect Default Permissions on C:ProgramdataSecdoLogs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows. 2020-04-08 4.6 CVE-2020-1985
MISC
perl-convert-asn1 — perl-convert-asn1
 
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. 2020-04-07 5 CVE-2013-7488
MISC
plat’home — easyblocks_ipv6 Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors. 2020-04-08 5.8 CVE-2020-5550
MISC
MISC
MISC
plat’home — easyblocks_ipv6
 
Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-04-08 6.8 CVE-2020-5549
MISC
MISC
MISC
primekey — ejbca An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) 2020-04-08 6.5 CVE-2020-11629
MISC
primekey — ejbca
 
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI. 2020-04-08 6.8 CVE-2020-11627
MISC
primekey — ejbca
 
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets. 2020-04-08 4.3 CVE-2020-11626
MISC
primekey — ejbca
 
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA’s internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.) 2020-04-08 5 CVE-2020-11628
MISC
primekey — ejbca
 
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.) 2020-04-08 4 CVE-2020-11631
MISC
project_worlds – official_car_rental_system_1
 
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files. 2020-04-06 6.5 CVE-2020-11544
MISC
pulse_secure –pulse_connect_secure An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. 2020-04-06 6.4 CVE-2020-11580
MISC
CONFIRM
red_hat –jboss_keycloak
 
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. 2020-04-06 5.8 CVE-2020-1728
CONFIRM
revive-adserver — revive_adserver A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided. 2020-04-03 4.6 CVE-2020-8142
MISC
MISC
revive-adserver — revive_adserver An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. 2020-04-03 5.8 CVE-2020-8143
MISC
MISC
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) software. There is a NULL pointer exception in WifiService via adb-cmd, causing memory corruption. The Samsung ID is SVE-2017-8287 (June 2017). 2020-04-07 5.8 CVE-2017-18665
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017). 2020-04-07 5 CVE-2017-18657
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016). 2020-04-07 5 CVE-2016-11043
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017). 2020-04-07 5 CVE-2017-18686
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017). 2020-04-07 5 CVE-2017-18668
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017). 2020-04-07 5 CVE-2017-18694
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). 2020-04-07 5 CVE-2016-11029
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is an Integer Overflow in process_M_SetTokenTUIPasswd during handling of a trusted application, leading to memory corruption. The Samsung IDs are SVE-2017-9008 and SVE-2017-9009 (October 2017). 2020-04-07 5 CVE-2017-18651
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016). 2020-04-07 6.8 CVE-2016-11052
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application’s signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016). 2020-04-07 4.6 CVE-2016-11044
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017). 2020-04-07 6.4 CVE-2017-18648
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user’s consent. The Samsung ID is SVE-2017-11018 (March 2018). 2020-04-08 6.4 CVE-2018-21081
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). 2020-04-08 4.6 CVE-2018-21061
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017). 2020-04-07 6.8 CVE-2017-18647
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017). 2020-04-07 4.9 CVE-2017-18672
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016). 2020-04-07 4.9 CVE-2016-11035
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Because of an unprotected Intent, an attacker can reset the configuration of certain applications. The Samsung ID is SVE-2016-7142 (April 2017). 2020-04-07 5 CVE-2017-18677
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-8119 (April 2017). 2020-04-07 5 CVE-2017-18678
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017). 2020-04-07 6.8 CVE-2017-18692
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016). 2020-04-07 6.4 CVE-2016-11049
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018). 2020-04-08 6.8 CVE-2018-21084
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017). 2020-04-07 5 CVE-2017-18675
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the “SamFAIL” issue. The Samsung ID is SVE-2017-10465 (November 2017). 2020-04-07 6.5 CVE-2017-18649
MISC
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). 2020-04-08 6.8 CVE-2018-21040
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. The Email application allows attackers to send emails on behalf of any user via a broadcasted intent. The Samsung ID is SVE-2017-9357 (September 2017). 2020-04-07 4 CVE-2017-18653
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017). 2020-04-07 4.3 CVE-2017-18689
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016). 2020-04-07 4.6 CVE-2016-11047
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). 2020-04-08 6.8 CVE-2018-21086
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exposure occurs in Lockdown mode because of the Edge Lighting application. The Samsung ID is SVE-2020-16680 (April 2020). 2020-04-08 5 CVE-2020-11607
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). 2020-04-08 5 CVE-2018-21078
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017). 2020-04-07 5 CVE-2017-18667
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017). 2020-04-07 5 CVE-2017-18669
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020). 2020-04-08 5 CVE-2020-11605
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Intents related to Wi-Fi have incorrect exception handling, leading to a crash of system processes. The Samsung ID is SVE-2017-8389 (May 2017). 2020-04-07 5 CVE-2017-18671
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018). 2020-04-08 6.8 CVE-2018-21085
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the “Use screen lock type to unpin” option. The Samsung ID is SVE-2017-11106 (February 2018). 2020-04-08 4.6 CVE-2018-21082
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. There is an RKP kernel protection bypass (in which unwanted memory mappings may occur) because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 (April 2017). 2020-04-07 5 CVE-2017-18676
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017). 2020-04-08 5 CVE-2017-18643
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018). 2020-04-08 5 CVE-2018-21047
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017). 2020-04-07 5 CVE-2017-18687
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. There is an information disclosure (of memory locations outside a buffer) via /dev/dsm_ctrl_dev. The Samsung ID is SVE-2016-7340 (January 2017). 2020-04-07 5 CVE-2017-18688
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018). 2020-04-08 5 CVE-2018-21041
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018). 2020-04-08 5 CVE-2018-21069
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018). 2020-04-08 5 CVE-2018-21059
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2018). 2020-04-08 5 CVE-2018-21060
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018). 2020-04-08 5 CVE-2018-21067
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016). 2020-04-07 6.8 CVE-2016-11045
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. android.intent.action.SIOP_LEVEL_CHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 (May 2017). 2020-04-07 5 CVE-2017-18670
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016). 2020-04-07 6.8 CVE-2016-11030
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 (July 2017). 2020-04-07 5 CVE-2017-18662
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. The multiwindow_facade API allows attackers to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 (August 2017). 2020-04-07 5 CVE-2017-18658
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018). 2020-04-08 5 CVE-2018-21039
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017). 2020-04-07 5 CVE-2017-18664
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. Because of missing Intent exception handling, system_server can have a NullPointerException with a crash of a system process. The Samsung IDs are SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, and SVE-2017-9126 (July 2017). 2020-04-07 5 CVE-2017-18663
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018). 2020-04-08 5 CVE-2018-21083
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017). 2020-04-07 5 CVE-2017-18659
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017). 2020-04-07 5 CVE-2017-18650
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016). 2020-04-07 5 CVE-2016-11042
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0, 7.1) software. An unauthenticated attacker can register a new security certificate. The Samsung ID is SVE-2017-9659 (September 2017). 2020-04-07 5 CVE-2017-18654
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016). 2020-04-07 5 CVE-2016-11032
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 2017). 2020-04-07 5 CVE-2017-18666
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016). 2020-04-07 5 CVE-2016-11046
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 (August 2017). 2020-04-07 5 CVE-2017-18656
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018). 2020-04-08 5 CVE-2018-21079
CONFIRM
samsung –multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. There is an Out-of-bounds read in the MLDAP Trustlet. The Samsung ID is SVE-2019-16565 (April 2020). 2020-04-08 6.4 CVE-2020-11604
CONFIRM
sds — sds
 
sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the ‘Object.prototype’ by abusing the ‘set’ function located in ‘js/set.js’. 2020-04-07 5 CVE-2020-7618
MISC
MISC
solarwinds — dameware
 
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large ‘SigPubkeyLen’ during ECDH key exchange. 2020-04-07 4.3 CVE-2020-5734
MISC
sqlite — sqlite SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object’s initialization is mishandled. 2020-04-09 5 CVE-2020-11655
MISC
MISC
stmicroelectronics — stm32f1_devices STMicroelectronics STM32F1 devices have Incorrect Access Control. 2020-04-06 5 CVE-2020-8004
MISC

suse — linux_enterprise_server_12_autoyast2_and_linux_enterprise_server_15_autoyast2

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions. 2020-04-03 4.3 CVE-2019-18905
CONFIRM
suse — multiple_products
 
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1. 2020-04-03 5 CVE-2019-18904
CONFIRM

symantec — data_center_security_manager_component

Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2020-04-06 4.6 CVE-2020-5832
MISC
testlink — testlink
 
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. 2020-04-03 6.5 CVE-2020-8639
MISC
CONFIRM
universal_robotics — control_box_devices Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under ‘/root/.urcaps’ as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property. 2020-04-06 5 CVE-2020-10267
CONFIRM
universal_robots — cb3_sw_and_e-series_sw_robot_controllers
 
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible 2020-04-06 5.8 CVE-2020-10264
CONFIRM
universal_robots — universal_robots+
 
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand. 2020-04-06 6.8 CVE-2020-10266
CONFIRM
varnish-cache — varnish_cache
 
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. 2020-04-08 5 CVE-2019-20637
MISC
varnish-cache — varnish_cache
 
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. 2020-04-08 5 CVE-2020-11653
MISC
visam — vbase_editor_and_vbase_web-remote_module VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. 2020-04-03 5 CVE-2020-7000
MISC
visam — vbase_editor_and_vbase_web-remote_module VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. 2020-04-03 5 CVE-2020-7008
MISC
visam — vbase_editor_and_vbase_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash. 2020-04-03 4.6 CVE-2020-10601
MISC
vmware — vmware_director_service
 
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. 2020-04-10 6.8 CVE-2020-3952
MISC
wordpress — wordpress
 
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page). 2020-04-07 4 CVE-2020-9514
MISC
MISC
wordpress — wordpress
 
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator’s browser if the template is used to create a page). 2020-04-07 4.3 CVE-2020-11509
MISC
wordpress — wordpress
 
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. 2020-04-03 4.3 CVE-2019-17231
MISC
wordpress — wordpress
 
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an “Open Redirect” issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). 2020-04-07 5.8 CVE-2020-11515
MISC
MISC
MISC
wordpress — wordpress
 
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. 2020-04-03 5 CVE-2019-17230
MISC
xdlocalstorage — xdlocalstorage An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the “magical iframe” and receive the messages that the “magical iframe” sends. 2020-04-07 6.8 CVE-2020-11610
MISC
MISC
xdlocalstorage — xdlocalstorage
 
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. 2020-04-07 5.8 CVE-2015-9544
MISC
MISC
MISC
MISC
xdlocalstorage — xdlocalstorage
 
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. 2020-04-07 5.8 CVE-2015-9545
MISC
MISC
MISC
MISC
xdlocalstorage — xdlocalstorage
 
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends. 2020-04-07 5.8 CVE-2020-11611
MISC
MISC
zhejiang_dahua_technology — multiple_products Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. 2020-04-09 5 CVE-2020-9500
MISC
zoho — manageengine_opmanager
 
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. 2020-04-04 5 CVE-2020-11527
MISC
zoom — client_for_meetings
 
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. 2020-04-03 5 CVE-2020-11500
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
castle_rock_computing — snmpc_online
 
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities. 2020-04-09 3.5 CVE-2020-11556
MISC
fortinet — fortiadc
 
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. 2020-04-07 3.5 CVE-2020-6647
MISC
gitlab — gitlab_enterprise_and_community_editions
 
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. 2020-04-08 2.1 CVE-2020-10977
CONFIRM
MISC
ibm — doors_next_generation IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707. 2020-04-08 3.5 CVE-2019-4737
XF
CONFIRM
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808. 2020-04-08 3.5 CVE-2019-4740
XF
CONFIRM
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172885. 2020-04-08 3.5 CVE-2019-4746
XF
CONFIRM
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175490. 2020-04-08 3.5 CVE-2020-4252
XF
CONFIRM
ibm — quality_manager
 
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293. 2020-04-08 3.5 CVE-2019-4602
XF
CONFIRM
ivanti — workspace_control Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). 2020-04-04 2.1 CVE-2020-11533
MISC

jenkins — jenkins

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. 2020-04-07 3.5 CVE-2020-2175
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. 2020-04-07 3.5 CVE-2020-2173
MLIST
CONFIRM
jenkins — jenkins
 
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. 2020-04-07 3.5 CVE-2020-2176
MLIST
CONFIRM
juniper_networks — junos_os
 
A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1. 2020-04-08 2.1 CVE-2020-1623
CONFIRM
juniper_networks — junos_os
 
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1. 2020-04-08 2.1 CVE-2020-1624
CONFIRM
juniper_networks — junos_os
 
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1. 2020-04-08 2.1 CVE-2020-1621
CONFIRM
juniper_networks — junos_os
 
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1. 2020-04-08 2.1 CVE-2020-1620
CONFIRM
juniper_networks — junos_os
 
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1. 2020-04-08 2.1 CVE-2020-1622
CONFIRM
linux — linux_kernel
 
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (“The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.”) was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. 2020-04-10 2.1 CVE-2020-8832
MISC
UBUNTU
linux — linux_kernel
 
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. 2020-04-08 2.3 CVE-2020-2732
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. 2020-04-07 2.1 CVE-2020-11608
MISC
MISC
MISC
nch_software — express_invoice NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. 2020-04-07 2.1 CVE-2020-11560
MISC
MISC
ory — hydra
 
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method ‘private_key_jwt’ [1], OpenId specification says the following about assertion `jti`: “A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties”. Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: – TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks – The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17 2020-04-06 3.5 CVE-2020-5300
MISC
MISC
CONFIRM
palo_alto_networks — global_protect_agent
 
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to “Dump”. This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. 2020-04-08 2.1 CVE-2020-1987
MISC
palo_alto_networks — traps
 
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS. 2020-04-08 3.6 CVE-2020-1991
MISC
palo_alto_networks — vm_series_for_microsoft_azure_platform
 
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. This issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us. The TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials. 2020-04-08 1.9 CVE-2020-1978
MISC
pulse_secure — pulse_connect_secure An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) 2020-04-06 3.3 CVE-2020-11582
MISC
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). 2020-04-08 2.1 CVE-2018-21053
CONFIRM
samsung — multiple_mobile_devices An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). 2020-04-08 2.1 CVE-2018-21074
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). 2020-04-08 2.1 CVE-2018-21076
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user’s credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017). 2020-04-07 3.5 CVE-2017-18695
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016). 2020-04-07 2.1 CVE-2016-11050
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). 2020-04-08 2.1 CVE-2018-21068
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017). 2020-04-07 3.6 CVE-2017-18680
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020). 2020-04-08 2.1 CVE-2020-11606
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). 2020-04-08 2.1 CVE-2018-21077
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). 2020-04-08 2.1 CVE-2018-21080
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). 2020-04-08 2.1 CVE-2018-21073
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant leaks clipboard contents on a locked device. The Samsung ID is SVE-2019-16558 (April 2020). 2020-04-08 2.1 CVE-2020-11602
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016). 2020-04-07 2.1 CVE-2016-11027
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). 2020-04-08 3.3 CVE-2018-21092
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). 2020-04-07 2.1 CVE-2017-18673
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 (April 2020). 2020-04-08 2.1 CVE-2020-11601
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). 2020-04-07 2.1 CVE-2016-11041
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016). 2020-04-07 2.1 CVE-2016-11040
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). 2020-04-08 2.1 CVE-2018-21043
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018). 2020-04-08 2.1 CVE-2018-21048
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018). 2020-04-08 2.1 CVE-2018-21046
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018). 2020-04-08 2.1 CVE-2018-21045
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018). 2020-04-08 2.1 CVE-2018-21056
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017). 2020-04-08 2.1 CVE-2017-18646
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016). 2020-04-07 2.1 CVE-2016-11053
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016). 2020-04-07 2.1 CVE-2016-11048
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). 2020-04-08 2.1 CVE-2018-21062
CONFIRM
viewvc — viewvc
 
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28. 2020-04-03 2.1 CVE-2020-5283
MISC
MISC
CONFIRM
wordpress — wordpress
 
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin’s settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator’s session. 2020-04-07 3.5 CVE-2020-11516
MISC
wordpress — wordpress
 
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin’s settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts. 2020-04-07 3.5 CVE-2020-11512
MISC
MISC
wordpress — wordpress
 
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. 2020-04-07 3.5 CVE-2020-11508
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
broadcom — advanced_secure_gateway The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. 2020-04-10 not yet calculated CVE-2019-18375
MISC
d-link — dsl_gs225_j1_devices
 
D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI is reachable by TELNET. 2020-04-10 not yet calculated CVE-2020-6765
CONFIRM
dell — emc_networking_x-series_devices
 
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. 2020-04-10 not yet calculated CVE-2020-5330
MISC
dropwizard — dropwizard
 
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions. 2020-04-10 not yet calculated CVE-2020-11002
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
fasterxml — jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). 2020-04-07 not yet calculated CVE-2020-11619
MISC
MISC
fasterxml — jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). 2020-04-07 not yet calculated CVE-2020-11620
MISC
MISC
huawei — mate_30_pro_and_mate_30_smartphones
 
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller’s identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2). 2020-04-10 not yet calculated CVE-2020-1801
MISC
huawei — multiple_osca-550_series_devices
 
There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2). 2020-04-10 not yet calculated CVE-2020-1802
MISC
jetbrains — pycharm
 
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. 2020-04-10 not yet calculated CVE-2020-11694
MISC
MISC
juniper_networks — ex_and_qfx_series_devices On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3. 2020-04-08 not yet calculated CVE-2020-1618
CONFIRM
juniper_networks — high-end_srx_series_devices On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices. 2020-04-08 not yet calculated CVE-2020-1634
MISC
juniper_networks — jatp_and_vjatp Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. 2020-04-08 not yet calculated CVE-2020-1616
MISC
juniper_networks — junos_os When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67. 2020-04-08 not yet calculated CVE-2020-1639
MISC

juniper_networks — junos_os

A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1. 2020-04-08 not yet calculated CVE-2020-1629
CONFIRM
juniper_networks — junos_os
 
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S14; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R4-S13, 16.1R7-S6; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3-S1; 18.2 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D420, 18.2X75-D60, 18.2X75-D411; 18.3 versions prior to 18.3R1-S5, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. 2020-04-08 not yet calculated CVE-2020-1630
CONFIRM
juniper_networks — junos_os
 
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. This issue only affects Junos OS 17.4 and later releases. Prior releases do not support this feature and are unaffected by this vulnerability. This issue only affects IPv6. IPv4 ARP proxy is unaffected by this vulnerability. This issue affects Juniper Networks Junos OS: 17.4 versions prior to 17.4R2-S9, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S9 on MX Series; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3 on MX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S2, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series. 2020-04-09 not yet calculated CVE-2020-1633
CONFIRM
juniper_networks — junos_os
 
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions prior to 16.1R7-S7 on EX4300; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions prior to 18.1R3-S8 on EX4300; 18.2 versions prior to 18.2R3-S2 on EX4300; 18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300. 2020-04-08 not yet calculated CVE-2020-1628
CONFIRM
juniper_networks — junos_os
 
This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. Continued inspection of these genuine packets will create an extended Denial of Service (DoS) condition. Depending on the method for service restoration, e.g. hard boot or soft reboot, a core file may or may not be generated the next time the packet is received and inspected by sFlow. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S9, 17.4R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.1 versions prior to 18.1R3-S9 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2 versions prior to 18.2R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.3 versions prior to 18.3R3 on PTX1000 and PTX10000 Series, QFX10000 Series. This issue is not applicable to Junos OS versions before 17.4R1. This issue is not applicable to Junos OS Evolved or Junos OS with Advanced Forwarding Toolkit (AFT) forwarding implementations which use a different implementation of sFlow. The following example information is unrelated to this issue and is provided solely to assist you with determining if you have AFT or not. Example: A Junos OS device which supports the use of EVPN signaled VPWS with Flexible Cross Connect uses the AFT implementation. Since this configuration requires support and use of the AFT implementation to support this configuration, the device is not vulnerable to this issue as the sFlow implementation is different using the AFT architecture. For further details about AFT visit the AFI / AFT are in the links below. If you are uncertain if you use the AFI/AFT implementation or not, there are configuration examples in the links below which you may use to determine if you are vulnerable to this issue or not. If the commands work, you are. If not, you are not. You may also use the Feature Explorer to determine if AFI/AFT is supported or not. If you are still uncertain, please contact your support resources. 2020-04-08 not yet calculated CVE-2020-1617
MISC
MISC
MISC
juniper_networks — junos_os
 
The kernel memory usage represented as “temp” via ‘show system virtual-memory’ may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of “temp” virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the ‘show system virtual-memory’ command as shown below: user@junos> show system virtual-memory |match “fpc|type|temp” fpc0: ————————————————————————– Type InUse MemUse HighUse Requests Size(s) temp 2023 431K – 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: ————————————————————————– Type InUse MemUse HighUse Requests Size(s) temp 2020 431K – 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match “fpc|type|temp” fpc0: ————————————————————————– Type InUse MemUse HighUse Requests Size(s) temp 2023 431K – 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: ————————————————————————– Type InUse MemUse HighUse Requests Size(s) temp 2020 431K – 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match “fpc|type|temp” fpc0: ————————————————————————– Type InUse MemUse HighUse Requests Size(s) temp 2023 431K – 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: ————————————————————————– Type InUse MemUse HighUse Requests Size(s) temp 2020 431K – 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1. 2020-04-08 not yet calculated CVE-2020-1625
CONFIRM
juniper_networks — junos_os
 
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX. 2020-04-08 not yet calculated CVE-2020-1615
CONFIRM
juniper_networks — junos_os
 
A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20. 2020-04-08 not yet calculated CVE-2020-1613
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved
 
The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO. 2020-04-08 not yet calculated CVE-2020-1638
CONFIRM
juniper_networks — junos_os_evolved A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO. 2020-04-08 not yet calculated CVE-2020-1626
CONFIRM
MISC
juniper_networks — multiple_devices
 
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: > show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the “show vmhost status” is not supported, then the device does not have NG-RE with vmhost. 2020-04-08 not yet calculated CVE-2020-1619
CONFIRM
juniper_networks — nfx250_series_vsrx_vnf A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1. 2020-04-08 not yet calculated CVE-2020-1614
MISC
MISC
juniper_networks — srx_series_devices A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. 2020-04-08 not yet calculated CVE-2020-1637
CONFIRM
juniper_networks — vmx_and_mx150_devices
 
A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can’t handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service. Flow cache is specific to vMX based products and the MX150, and is enabled by default in performance mode. This issue can only be triggered by traffic destined to the device. Transit traffic will not cause the riot daemon to crash. When the issue occurs, a core dump and riot log file entry are generated. For example: /var/crash/core.J-UKERN.mpc0.1557255993.3864.gz /home/pfe/RIOT logs: fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc(): fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc(): This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3 on vMX and MX150; 18.2 versions prior to 18.2R3 on vMX and MX150; 18.2X75 versions prior to 18.2X75-D60 on vMX and MX150; 18.3 versions prior to 18.3R3 on vMX and MX150; 18.4 versions prior to 18.4R2 on vMX and MX150; 19.1 versions prior to 19.1R2 on vMX and MX150. This issue does not affect Junos OS versions prior to 18.1R1. 2020-04-08 not yet calculated CVE-2020-1627
CONFIRM
linux — linux_kernel
 
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (“KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures”) 87a11bb6a7f7 (“KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode”) The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it’s believed the first is the only strictly necessary commit: 6f597c6b63b6 (“KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()”) 7b0e827c6970 (“KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm”) 009c872a8bc4 (“KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file”) 2020-04-09 not yet calculated CVE-2020-8834
CONFIRM
UBUNTU
CONFIRM
periscope — buyspeed
 
Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of the user, which could possibly cause website redirection, session hijacking, or information disclosure. This vulnerability has been patched in BuySpeed version 15.3. 2020-04-10 not yet calculated CVE-2020-9056
CERT-VN
MISC
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015). 2020-04-10 not yet calculated CVE-2015-8546
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is “Unhandled exception in Dalvik VM,” “Application not responding ANR event,” or “Crash on an application’s native code.” The Samsung ID is SVE-2015-2885 (October 2015). 2020-04-10 not yet calculated CVE-2015-9547
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015). 2020-04-10 not yet calculated CVE-2015-9546
CONFIRM
samsung — multiple_mobile_devices
 
An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015). 2020-04-10 not yet calculated CVE-2015-5524
CONFIRM
tendermint — tendermint
 
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim `activeID` of a peer after it’s removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and added to all reactors. RemovePeer is therefore called before `AddPeer`, which leads to always growing memory (`activeIDs` map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking. These issues are patched in Tendermint 0.33.3 and 0.32.10. ### For more information If you have any questions or comments about this advisory: * Open an issue in tendermint/tendermint * Email us at [security@tendermint.com](mailto:security@tendermint.com) More information can be found here. ### Credits – Ethan Buchman (@ebuchman) for writing a test case for Denial of Service 2 and Tess Rinearson (@tessr) for fixing it – Anton Kaliaev (@melekes) for fixing Denial of Service 1 2020-04-10 not yet calculated CVE-2020-5303
MISC
CONFIRM
MISC
wireshark — wireshark
 
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. 2020-04-10 not yet calculated CVE-2020-11647
MISC
MISC
MISC
wmware — tanzu_application_service_for_vms
 
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling. 2020-04-10 not yet calculated CVE-2020-5406
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.