Vulnerability Summary for the Week of August 10, 2020

Original release date: August 17, 2020

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — http_server Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE 2020-08-07 7.5 CVE-2020-11984
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
GENTOO
CONFIRM
digitus — da-70254_firmware DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. 2020-08-07 8.3 CVE-2020-15063
MISC
firejail_project — firejail Firejail through 0.9.62 mishandles shell metacharacters during use of the –output or –output-stderr option, which may lead to command injection. 2020-08-11 7.5 CVE-2020-17368
SUSE
MISC
DEBIAN
DEBIAN
flatcore — flatcore flatCore before 1.5.7 allows upload and execution of a .php file by an admin. 2020-08-09 9 CVE-2020-17452
MISC
MISC
google — android There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751 2020-08-11 7.8 CVE-2020-0254
MISC
google — android In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A 2020-08-11 7.2 CVE-2020-0259
MISC
google — android In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968 2020-08-11 7.2 CVE-2020-0257
MISC
google — android In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864 2020-08-11 7.2 CVE-2020-0256
MISC
google — android In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303 2020-08-11 7.2 CVE-2020-0243
MISC
google — android In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722 2020-08-11 7.2 CVE-2020-0242
MISC
google — android In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667 2020-08-11 7.2 CVE-2020-0241
MISC
google — android In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616 2020-08-11 7.2 CVE-2020-0108
MISC
google — android There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365 2020-08-11 10 CVE-2020-0253
MISC
google — android There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803 2020-08-11 10 CVE-2020-0252
MISC
google — android There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626 2020-08-11 7.8 CVE-2020-0251
MISC
google — android In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594 2020-08-11 9.3 CVE-2020-0240
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. The vulnerability only occurs if an undocumented customization has been applied by an administrator. IBM X-Force ID: 184585. 2020-08-13 10 CVE-2020-4589
XF
CONFIRM
json_pattern_validator_project — json_pattern_validator jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. 2020-08-10 7.5 CVE-2020-17479
MISC
MISC
MISC
MISC
lindy-international — 42633_firmware Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. 2020-08-07 8.3 CVE-2020-15059
MISC
microfocus — secure_messaging_gateway DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. 2020-08-07 9 CVE-2020-11852
MISC
mozilla — firefox JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. 2020-08-10 9.3 CVE-2020-15656
SUSE
MISC
MISC
MISC
MISC
opensuse — tumbleweed A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. 2020-08-07 7.2 CVE-2020-8026
CONFIRM
passmark — burnintest An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver’s IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. 2020-08-07 7.2 CVE-2020-15479
MISC
MISC
MISC
MISC
passmark — burnintest An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. 2020-08-07 7.2 CVE-2020-15480
MISC
MISC
MISC
MISC
robotemi — robox_os Authentication Bypass Using an Alternate Path or Channel in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value. 2020-08-07 7.5 CVE-2020-16169
MISC
MISC
robotemi — temi Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to gain raised privileges on the temi and have it automatically answer the attacker’s calls, granting audio, video, and motor control. 2020-08-11 7.5 CVE-2020-16170
MISC
MISC
sap — netweaver SAP NetWeaver AS JAVA, versions – (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. 2020-08-12 7.8 CVE-2020-6309
MISC
MISC
sap — netweaver_knowledge_management SAP NetWeaver (Knowledge Management), versions – 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user’s privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. 2020-08-12 8.5 CVE-2020-6284
MISC
MISC
securenvoy — securmail SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. 2020-08-07 9.3 CVE-2020-13376
MISC
MISC
thedaylightstudio — fuel_cms FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. 2020-08-13 7.5 CVE-2020-17463
MISC
MISC
MISC
CONFIRM
tp-link — tl-ps310u_firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. 2020-08-07 8.3 CVE-2020-15055
MISC
turcom — trcwifizone Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses. 2020-08-11 7.5 CVE-2020-17466
MISC
MISC
zohocorp — manageengine_adselfservice_plus An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to windowssystem32, cmd.exe can be launched as a SYSTEM. 2020-08-11 10 CVE-2020-11552
MISC
MISC
FULLDISC
CONFIRM
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accuity — firco_continuity A stored Cross-site scripting (XSS) vulnerability in Firco Continuity 6.2.0.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML through the username field of the login page. 2020-08-12 4.3 CVE-2020-16186
MISC
apache — http_server Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above “info” will mitigate this vulnerability for unpatched servers. 2020-08-07 4.3 CVE-2020-11993
MISC
MLIST
MLIST
MLIST
GENTOO
CONFIRM
apache — http_server Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via “H2Push off” will mitigate this vulnerability for unpatched servers. 2020-08-07 5 CVE-2020-9490
MISC
MLIST
MLIST
MLIST
GENTOO
CONFIRM
apache — http_server IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. 2020-08-07 4.3 CVE-2020-11985
MISC
GENTOO
apache — wicket By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5 2020-08-11 5 CVE-2020-11976
MISC
artifex — ghostscript A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16288
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-17538
MISC
MISC
artifex — ghostscript A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. 2020-08-13 6.8 CVE-2020-16303
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. 2020-08-13 6.8 CVE-2020-16302
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16309
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16308
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16294
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16300
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16287
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. 2020-08-13 6.8 CVE-2020-16304
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16289
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16297
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16301
MISC
MISC
artifex — ghostscript A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16293
MISC
MISC
artifex — ghostscript A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16299
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16298
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16305
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16296
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16291
MISC
MISC
artifex — ghostscript A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16295
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16290
MISC
MISC
artifex — ghostscript A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 4.3 CVE-2020-16292
MISC
MISC
avaya — ip_office A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. 2020-08-07 5 CVE-2019-7005
CONFIRM
carson-saint — saint_security_suite A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. 2020-08-10 4.3 CVE-2020-16275
CONFIRM
carson-saint — saint_security_suite A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. 2020-08-10 4.3 CVE-2020-16278
CONFIRM
carson-saint — saint_security_suite An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. 2020-08-10 6.5 CVE-2020-16276
CONFIRM
carson-saint — saint_security_suite An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. 2020-08-10 6.5 CVE-2020-16277
CONFIRM
combodo — itop A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. 2020-08-10 5 CVE-2020-12777
MISC
combodo — itop A security misconfiguration exists in Combodo iTop, which can expose sensitive information. 2020-08-10 5 CVE-2020-12780
MISC
combodo — itop Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. 2020-08-10 6.8 CVE-2020-12781
MISC
combodo — itop Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. 2020-08-10 4.3 CVE-2020-12778
MISC
cs2-network — p2p CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. 2020-08-10 4.3 CVE-2020-9526
MISC
MISC
cs2-network — p2p CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. 2020-08-10 6.8 CVE-2020-9525
MISC
MISC
deltaww — tpeditor Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16223
MISC
MISC
deltaww — tpeditor Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16227
MISC
MISC
deltaww — tpeditor Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16219
MISC
MISC
MISC
deltaww — tpeditor Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16225
MISC
MISC
deltaww — tpeditor Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 2020-08-07 6.8 CVE-2020-16221
MISC
MISC
digitus — da-70254_firmware DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. 2020-08-07 6.1 CVE-2020-15065
MISC
django-celery-results_project — django-celery-results django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. 2020-08-11 5 CVE-2020-17495
MISC
f2fs-tools_project — f2fs-tools An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-08-10 6.8 CVE-2020-6070
MISC
firejail_project — firejail Firejail through 0.9.62 does not honor the — end-of-options indicator after the –output option, which may lead to command injection. 2020-08-11 4.6 CVE-2020-17367
SUSE
MISC
MISC
DEBIAN
frappe — erpnext An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-08-10 6.5 CVE-2020-6145
MISC
getsymphony — symphony_cms content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields[‘name’] to appendSubheading. 2020-08-11 4.3 CVE-2020-15071
MISC
gitlab — gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. 2020-08-10 5.5 CVE-2020-13293
CONFIRM
MISC
MISC
gitlab — gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. 2020-08-10 5.5 CVE-2020-13292
CONFIRM
MISC
MISC
gitlab — gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. 2020-08-13 4 CVE-2020-13286
CONFIRM
MISC
MISC
gitlab — gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature 2020-08-13 4 CVE-2020-13281
CONFIRM
MISC
MISC
gitlab — gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. 2020-08-10 5.5 CVE-2020-13294
CONFIRM
MISC
MISC
gitlab — runner For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. 2020-08-10 6.5 CVE-2020-13295
CONFIRM
MISC
MISC
google — android In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439 2020-08-11 4.9 CVE-2020-0248
MISC
google — android In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634 2020-08-11 6.9 CVE-2020-0238
MISC
google — android In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863 2020-08-11 4.9 CVE-2020-0239
MISC
google — android In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409 2020-08-11 4.9 CVE-2020-0247
MISC
google — android In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154719656 2020-08-11 4.9 CVE-2020-0249
MISC
google — android In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154934934 2020-08-11 4.9 CVE-2020-0250
MISC
google — android In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956 2020-08-11 4.9 CVE-2020-0258
MISC
MISC
google — android There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183 2020-08-11 6.4 CVE-2020-0260
MISC
google — asylo A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The ‘enc_untrusted_recvfrom’ function generates a return value which is deserialized by ‘MessageReader’, and copied into three different ‘extents’. The length of the third ‘extents’ is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later. 2020-08-12 4 CVE-2020-8905
CONFIRM
google — asylo An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later. 2020-08-12 5.5 CVE-2020-8904
CONFIRM
handysoft — hslogin2.dll hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. 2020-08-07 6.8 CVE-2020-7810
MISC
MISC
huawei — fusioncompute FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. 2020-08-10 4.6 CVE-2020-9078
MISC
huawei — fusionsphere_openstack FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. 2020-08-11 5.8 CVE-2020-9079
MISC
huawei — mate_20_firmware HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged 2020-08-11 4.6 CVE-2020-9244
MISC
huawei — mate_30_firmware HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service condition. 2020-08-10 4.3 CVE-2020-9243
MISC
huawei — p30_firmware HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function. 2020-08-10 4.3 CVE-2020-9245
MISC
ibm — event_streams IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. 2020-08-14 6.5 CVE-2020-4662
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717. 2020-08-10 4.3 CVE-2020-4533
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2020-08-10 4.3 CVE-2020-4539
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039. 2020-08-10 4.3 CVE-2020-4541
XF
CONFIRM
ibm — maximo_asset_management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. 2020-08-13 4 CVE-2019-4582
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860. 2020-08-11 4 CVE-2020-4485
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. 2020-08-11 5.5 CVE-2020-4486
XF
CONFIRM
jenkins — email_extension Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. 2020-08-12 5 CVE-2020-2232
MLIST
CONFIRM
jenkins — flaky_test_handler A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. 2020-08-12 4.3 CVE-2020-2237
MLIST
CONFIRM
jenkins — pipeline_maven_integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. 2020-08-12 4 CVE-2020-2233
MLIST
CONFIRM
jenkins — pipeline_maven_integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. 2020-08-12 4 CVE-2020-2234
MLIST
CONFIRM
jenkins — pipeline_maven_integration A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. 2020-08-12 4.3 CVE-2020-2235
MLIST
CONFIRM
jerryscript — jerryscript ** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse(“[]”,a). NOTE: the vendor states that the problem is the lack of the –stack-limit option. 2020-08-13 6.8 CVE-2020-24345
MISC
jetbrains — kotlin In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.70 is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. 2020-08-08 6.5 CVE-2020-15824
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. 2020-08-08 4 CVE-2020-15826
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. 2020-08-08 4 CVE-2020-15828
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. 2020-08-08 5 CVE-2020-15829
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users’ privileges. 2020-08-08 6.5 CVE-2020-15825
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. 2020-08-08 4.3 CVE-2020-15831
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. 2020-08-08 4.3 CVE-2020-15830
MISC
MISC
jetbrains — toolbox In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. 2020-08-08 5 CVE-2020-15827
MISC
MISC
jetbrains — upsource In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. 2020-08-08 5 CVE-2019-19704
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. 2020-08-08 4 CVE-2020-15821
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. 2020-08-08 6.5 CVE-2020-15817
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. 2020-08-08 5 CVE-2020-15823
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. 2020-08-08 5 CVE-2020-15820
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. 2020-08-08 5 CVE-2020-15819
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. 2020-08-08 5 CVE-2020-15818
MISC
MISC
lindy-international — 42633_firmware Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. 2020-08-07 6.1 CVE-2020-15061
MISC
mahara — mahara In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. 2020-08-07 4.3 CVE-2020-15907
MISC
MISC
mibew — messenger Mibew Messenger before 3.2.7 allows XSS via a crafted user name. 2020-08-10 4.3 CVE-2020-17476
MISC
MISC
mozilla — firefox A unicode RTL order character in the downloaded file name can be used to change the file’s name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28. 2020-08-10 4.3 CVE-2020-15651
MISC
MISC
mozilla — firefox A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. 2020-08-10 4.3 CVE-2020-15661
MISC
MISC
mozilla — firefox The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. 2020-08-10 4.3 CVE-2020-15658
SUSE
MISC
MISC
MISC
MISC
mozilla — firefox A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. 2020-08-10 4.3 CVE-2020-15655
SUSE
MISC
MISC
MISC
MISC
mozilla — firefox When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. 2020-08-10 4.3 CVE-2020-15654
SUSE
MISC
MISC
MISC
MISC
mozilla — firefox By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. 2020-08-10 4.3 CVE-2020-15652
SUSE
SUSE
SUSE
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28. 2020-08-10 4.3 CVE-2020-15662
MISC
MISC
mozilla — firefox An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. 2020-08-10 4.3 CVE-2020-15653
SUSE
MISC
MISC
MISC
MISC
mozilla — firefox Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. 2020-08-10 6.9 CVE-2020-15657
SUSE
MISC
MISC
MISC
MISC
mozilla — firefox Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. 2020-08-10 4.3 CVE-2020-15648
MISC
MISC
MISC
mozilla — firefox A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. 2020-08-10 5 CVE-2020-15647
MISC
MISC
mozilla — firefox_esr Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. 2020-08-10 4.3 CVE-2020-15650
MISC
MISC
mozilla — firefox_esr Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. 2020-08-10 4.3 CVE-2020-15649
MISC
MISC
mybb — mybb MyBB before 1.8.24 allows XSS because the visual editor mishandles [align], [size], [quote], and [font] in MyCode. 2020-08-09 4.3 CVE-2020-17447
MISC
MISC
mybb — mybb In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn’t escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file. 2020-08-10 4.3 CVE-2020-15139
MISC
CONFIRM
MISC
nextcloud — nextcloud A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. 2020-08-10 4.6 CVE-2020-8224
MISC
MISC
nextcloud — nextcloud A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. 2020-08-10 4.9 CVE-2020-8229
MISC
MISC
nginx — njs njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. 2020-08-13 6.8 CVE-2020-24346
MISC
p5-crypt-perl_project — p5-crypt-perl ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. 2020-08-10 5 CVE-2020-17478
MISC
php-fusion — php-fusion PHP-Fusion 9.03 allows XSS on the preview page. 2020-08-12 4.3 CVE-2020-17450
MISC
prometheus — blackbox_exporter ** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. 2020-08-09 5 CVE-2020-16248
MISC
MISC
MISC
MISC
MISC
qemu — qemu In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. 2020-08-11 5 CVE-2020-16092
MISC
MISC
redhat — cloudforms Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files. 2020-08-11 6.5 CVE-2020-10783
MISC
MISC
redhat — cloudforms In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior. 2020-08-11 6.5 CVE-2020-10778
MISC
MISC
redhat — cloudforms Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms. 2020-08-11 4 CVE-2020-10779
MISC
MISC
redhat — cloudforms Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. 2020-08-11 6.4 CVE-2020-14325
MISC
MISC
redhat — cloudforms_management_engine Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities. 2020-08-11 6.8 CVE-2020-10780
MISC
MISC
redhat — cloudforms_management_engine A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server. 2020-08-11 6.5 CVE-2020-14324
MISC
MISC
redhat — cloudforms_management_engine Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. 2020-08-11 5.5 CVE-2020-14296
MISC
MISC
redhat — quay An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace. 2020-08-11 5 CVE-2020-14313
MISC
robotemi — launcher_os Missing Authentication for Critical Function in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video. 2020-08-07 6.4 CVE-2020-16167
MISC
MISC
robotemi — temi_firmware Origin Validation Error in Robotemi Global Ltd Temi Firmware up to 20190419.165201, Launcher OS prior to 11969-13146, Robox OS prior to 117.21-119.24, and their Android phone app prior to 1.3.3-1.3.7931 allows remote attackers to access the custom API server and MQTT broker used by the temi and send it custom data/requests. 2020-08-07 4.3 CVE-2020-16168
MISC
MISC
roundcube — webmail Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. 2020-08-12 4.3 CVE-2020-16145
CONFIRM
MISC
sabnzbd — sabnzbd SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. 2020-08-11 6.5 CVE-2020-13124
MISC
CONFIRM
MISC
sap — abap_platform SAP NetWeaver (ABAP Server) and ABAP Platform, versions – 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. 2020-08-12 4 CVE-2020-6299
MISC
MISC
sap — abap_platform Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions – 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. 2020-08-12 4 CVE-2020-6310
MISC
MISC
sap — abap_platform SAP NetWeaver (ABAP Server) and ABAP Platform, versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. 2020-08-12 6.5 CVE-2020-6296
MISC
MISC
sap — adaptive_server_enterprise Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. 2020-08-12 4.6 CVE-2020-6295
MISC
MISC
sap — businessobjects_business_intelligence_platform Xvfb of SAP Business Objects Business Intelligence Platform, versions – 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. 2020-08-12 6.4 CVE-2020-6294
MISC
MISC
sap — generic_market_data SAP Banking Services (Generic Market Data), versions – 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. 2020-08-12 5.5 CVE-2020-6298
MISC
MISC
sap — hcm_travel_management SAP ERP (HCM Travel Management), versions – 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. 2020-08-12 5.5 CVE-2020-6301
MISC
MISC
sap — netweaver_knowledge_management SAP NetWeaver (Knowledge Management), versions – 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload. 2020-08-12 6.4 CVE-2020-6293
MISC
MISC
sap — s/4_hana_fiori_ui_for_general_ledger_accounting SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. 2020-08-12 4 CVE-2020-6273
MISC
MISC
sophos — xg_firewall_firmware Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. 2020-08-07 6.5 CVE-2020-17352
MISC
MISC
suse — linux_enterprise_high_performance_computing A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. 2020-08-07 4.6 CVE-2020-8025
CONFIRM
telegram — telegram_desktop Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. 2020-08-11 6.8 CVE-2020-17448
MISC
MISC
MISC
teradici — cloud_access_connector The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application. 2020-08-11 4.3 CVE-2020-13176
MISC
teradici — cloud_access_connector The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. 2020-08-11 5 CVE-2020-13175
MISC
teradici — graphics_agent The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path. 2020-08-11 4.4 CVE-2020-13177
MISC
teradici — graphics_agent A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process. 2020-08-11 4.6 CVE-2020-13178
MISC
teradici — managament_console The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. 2020-08-11 4.3 CVE-2020-13174
MISC
themeinprogress — nova_lite search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. 2020-08-12 4.3 CVE-2020-17362
CONFIRM
tibco — silver_fabric The VirtualRouter component of TIBCO Software Inc.’s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.’s TIBCO Silver Fabric: versions 6.0.0 and below. 2020-08-11 5.8 CVE-2019-17339
CONFIRM
tiny — tinymce A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. 2020-08-14 4.3 CVE-2020-12648
MISC
tiny — tinymce TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. 2020-08-10 4.3 CVE-2020-17480
MISC
MISC
tp-link — tl-ps310u_firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. 2020-08-07 6.1 CVE-2020-15057
MISC
vmware — spring_cloud_netflix Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. 2020-08-07 4 CVE-2020-5412
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
combodo — itop Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. 2020-08-10 3.5 CVE-2020-12779
MISC
digitus — da-70254_firmware DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. 2020-08-07 2.3 CVE-2020-15064
MISC
digitus — da-70254_firmware DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. 2020-08-07 3.3 CVE-2020-15062
MISC
flatcore — flatcore flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. 2020-08-09 3.5 CVE-2020-17451
MISC
MISC
gitlab — gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. 2020-08-13 3.5 CVE-2020-13283
CONFIRM
MISC
MISC
gitlab — gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issue reference number tooltip. 2020-08-13 3.5 CVE-2020-13285
CONFIRM
MISC
MISC
gitlab — gitlab In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page 2020-08-12 3.5 CVE-2020-13288
CONFIRM
MISC
MISC
jenkins — jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. 2020-08-12 3.5 CVE-2020-2229
MLIST
CONFIRM
jenkins — jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. 2020-08-12 3.5 CVE-2020-2230
MLIST
CONFIRM
jenkins — jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via ‘Trigger builds remotely’, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. 2020-08-12 3.5 CVE-2020-2231
MLIST
CONFIRM
jenkins — yet_another_build_visualizer Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. 2020-08-12 3.5 CVE-2020-2236
MLIST
CONFIRM
lindy-international — 42633_firmware Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. 2020-08-07 3.3 CVE-2020-15058
MISC
lindy-international — 42633_firmware Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. 2020-08-07 2.3 CVE-2020-15060
MISC
mcafee — data_loss_prevention Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. 2020-08-13 2.1 CVE-2020-7307
MISC
mcafee — data_loss_prevention Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user’s browser via adding a new label. 2020-08-13 2.3 CVE-2020-7303
MISC
pactware — pactware In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. 2020-08-11 2.1 CVE-2020-9403
CONFIRM
php-fusion — php-fusion PHP-Fusion 9.03 allows XSS via the error_log file. 2020-08-12 3.5 CVE-2020-17449
MISC
redhat — cloudforms A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. 2020-08-11 3.5 CVE-2020-10777
MISC
MISC
sap — businessobjects_business_intelligence_platform SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability. 2020-08-12 3.5 CVE-2020-6300
MISC
MISC
sap — data_intelligence Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version – 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure. 2020-08-12 2.1 CVE-2020-6297
MISC
MISC
soplanning — soplanning SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. 2020-08-11 3.5 CVE-2020-15597
MISC
MISC
sugarcrm — sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. 2020-08-12 3.5 CVE-2020-17373
MISC
MISC
MISC
MISC
MISC
sugarcrm — sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows XSS. 2020-08-12 3.5 CVE-2020-17372
MISC
MISC
MISC
MISC
MISC
teradici — graphics_agent Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure. 2020-08-11 2.1 CVE-2020-13179
MISC
tp-link — tl-ps310u_firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. 2020-08-07 3.3 CVE-2020-15054
MISC
tp-link — tl-ps310u_firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. 2020-08-07 2.3 CVE-2020-15056
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abbyy — finereader
 
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. 2020-08-13 not yet calculated CVE-2019-20383
CONFIRM
MISC
CONFIRM
adobe — git-server
 
The resolveRepositoryPath function doesn’t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository. 2020-08-14 not yet calculated CVE-2020-9708
MISC
alps_alpine — touchpad_driver The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a “fake” DLL file. 2020-08-12 not yet calculated CVE-2020-15596
MISC
MISC
amazon_web_services — s3_crypto_sdk_for_golang
 
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target’s S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC’s ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. 2020-08-11 not yet calculated CVE-2020-8911
CONFIRM
CONFIRM
amazon_web_services — s3_crypto_sdk_for_golang
 
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files. 2020-08-11 not yet calculated CVE-2020-8912
CONFIRM
CONFIRM
artica — web_proxy Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. 2020-08-12 not yet calculated CVE-2020-17505
MISC
artica — web_proxy
 
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. 2020-08-12 not yet calculated CVE-2020-17506
MISC
MISC
artifex_software — ghostscript
 
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 2020-08-13 not yet calculated CVE-2020-16310
MISC
MISC
artifex_software — ghostscript
 
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. 2020-08-13 not yet calculated CVE-2020-16307
MISC
MISC
artifex_software — ghostscript
 
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. 2020-08-13 not yet calculated CVE-2020-16306
MISC
MISC
artifex_software — mujs
 
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. 2020-08-13 not yet calculated CVE-2020-24343
MISC
asyncpg — asyncpg
 
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. 2020-08-12 not yet calculated CVE-2020-17446
CONFIRM
avaya — aura_communication_manager_and_aura_messaging
 
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. 2020-08-11 not yet calculated CVE-2020-7029
CONFIRM
blackberry — qnx_software_development_platform
 
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server. 2020-08-12 not yet calculated CVE-2020-6932
MISC
cisco — unified_ip_conference_station_7937g
 
** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. 2020-08-12 not yet calculated CVE-2020-16139
MISC
MISC
MISC
cisco — unified_ip_conference_station_7937g
 
** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. 2020-08-12 not yet calculated CVE-2020-16138
MISC
MISC
MISC
cisco — unified_ip_conference_station_7937g
 
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. 2020-08-12 not yet calculated CVE-2020-16137
MISC
MISC
MISC
cms_made_simple — cms_made_simple
 
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. 2020-08-14 not yet calculated CVE-2020-17462
EXPLOIT-DB
documalis — free_pdf_editor_and_free_pdf_scanner
 
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software. 2020-08-12 not yet calculated CVE-2020-7374
MISC
dovecot — dovecot
 
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. 2020-08-12 not yet calculated CVE-2020-12674
MISC
MLIST
DEBIAN
CONFIRM
dovecot — dovecot
 
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. 2020-08-12 not yet calculated CVE-2020-12673
MISC
MLIST
DEBIAN
CONFIRM
dovecot — dovecot
 
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. 2020-08-12 not yet calculated CVE-2020-12100
MLIST
MISC
MLIST
DEBIAN
eaton — secure_connect_mobile_app
 
Eaton’s Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user’s account and associated devices. 2020-08-12 not yet calculated CVE-2020-6653
MISC
evga — precision_x1
 
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITYSYSTEM privileges by mapping DevicePhysicalMemory into the calling process. 2020-08-11 not yet calculated CVE-2020-14979
MISC
MISC
fortinet — fortios
 
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. 2020-08-14 not yet calculated CVE-2019-5591
CONFIRM
galileo_cms — galileo_cms
 
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). 2020-08-14 not yet calculated CVE-2019-7410
CONFIRM
MISC
MISC
MISC
geutebrück — g-cam_and_g-code
 
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). 2020-08-14 not yet calculated CVE-2020-16205
MISC
gitlab — gitlab
 
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. 2020-08-13 not yet calculated CVE-2020-13280
CONFIRM
MISC
gitlab — gitlab
 
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. 2020-08-13 not yet calculated CVE-2020-13282
CONFIRM
MISC
MISC
gitlab — gitlab
 
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. 2020-08-12 not yet calculated CVE-2020-13290
CONFIRM
MISC
MISC
gitlab — gitlab
 
In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. 2020-08-12 not yet calculated CVE-2020-13291
CONFIRM
MISC
gnome — gnome-shell
 
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) 2020-08-11 not yet calculated CVE-2020-17489
MISC
google — android
 
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android’s Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application’s data on the Android device. We recommend all users update Play Core to version 1.7.2 or later. 2020-08-12 not yet calculated CVE-2020-8913
CONFIRM
google — android
 
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841 2020-08-13 not yet calculated CVE-2020-0261
MISC
google — go-tpm
 
An improperly initialized ‘migrationAuth’ value in Google’s go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both ‘encUsageAuth’ and ‘encMigrationAuth’, and then can calculate ‘usageAuth ^ encMigrationAuth’ as the ‘migrationAuth’ can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for ‘migrationAuth’. 2020-08-11 not yet calculated CVE-2020-8918
CONFIRM
horndis — horndis
 
All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-bit kernels; 64-bit kernels are more likely to crash on attempted exploitation. It is not believed that kernel memory corruption is possible, or that unattended kernel memory disclosure without the collaboration of a userspace program running on the host is possible. The vulnerability is in `HoRNDIS::receivePacket`. `msg_len`, `data_ofs`, and `data_len` can be controlled by an attached USB device, and a negative value of `data_ofs` can bypass the check for `(data_ofs + data_len + 8) > msg_len`, and subsequently can cause a wild pointer copy in the `mbuf_copyback` call. The software is not maintained and no patches are planned. Users of multi-tenant systems with HoRNDIS installed should only connect trusted USB devices to their system. 2020-08-12 not yet calculated CVE-2020-15137
CONFIRM
huawei — fusioncomput
 
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. 2020-08-14 not yet calculated CVE-2020-9229
MISC
huawei — fusioncomput
 
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. 2020-08-14 not yet calculated CVE-2020-9228
MISC
inet — wireless_daemon
 
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4. 2020-08-12 not yet calculated CVE-2020-17497
MISC
intel — acceleration_stack
 
Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8684
MISC
intel — computing_improvement_program
 
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8736
MISC
intel — distribution_of_openvino_toolkit
 
Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-12287
MISC
intel — graphics_drivers Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8682
MISC
intel — graphics_drivers
 
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8679
MISC
intel — graphics_drivers
 
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-0512
MISC
intel — graphics_drivers
 
Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-0513
MISC
intel — graphics_drivers
 
Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8681
MISC
intel — graphics_drivers
 
Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8683
MISC
intel — graphics_drivers
 
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8680
MISC
intel — graphics_drivers
 
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-0510
MISC
intel — led_manager
 
Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8685
MISC
intel — mailbox
 
Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8743
MISC
intel — multiple_products Buffer copy without checking size of input for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8729
CONFIRM
MISC
intel — multiple_products
 
Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8731
CONFIRM
MISC
intel — multiple_products
 
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8713
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8706
CONFIRM
MISC
intel — multiple_products
 
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8708
CONFIRM
MISC
intel — multiple_products
 
Heap-based buffer overflow in the firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8732
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8720
CONFIRM
MISC
intel — multiple_products
 
Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8709
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8707
CONFIRM
MISC
intel — multiple_products
 
Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8730
CONFIRM
MISC
intel — multiple_products
 
Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8717
CONFIRM
MISC
intel — multiple_products
 
Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-08-13 not yet calculated CVE-2020-8723
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8722
CONFIRM
MISC
intel — multiple_products
 
Improper input validation for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8721
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8719
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8718
CONFIRM
MISC
intel — multiple_products
 
Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8711
CONFIRM
MISC
intel — multiple_products
 
Improper access control for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8716
CONFIRM
MISC
intel — multiple_products
 
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8714
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8712
CONFIRM
MISC
intel — multiple_products
 
Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8710
CONFIRM
MISC
intel — multiple_products
 
Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access. 2020-08-13 not yet calculated CVE-2020-8715
CONFIRM
MISC
intel — nuc
 
Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8742
MISC
intel — proset/wireless_wifi_products
 
Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-0559
MISC
intel — raid_web_console_3
 
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access. 2020-08-13 not yet calculated CVE-2020-8688
MISC
intel — realsense_d400_series_uwp_driver
 
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8763
MISC
intel — rste_software_raid_driver
 
Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8687
MISC
intel — server_board_families
 
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-12301
CONFIRM
MISC
intel — server_board_families
 
Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-12300
CONFIRM
MISC
intel — server_board_families
 
Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-12299
CONFIRM
MISC
intel — server_board_m10jnp2sb
 
Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8733
CONFIRM
MISC
intel — ssd_sct
 
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-8759
MISC
intel — thunderbolt_controllers
 
Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access. 2020-08-13 not yet calculated CVE-2019-14630
MISC
intel — wireless_bluetooth_products
 
Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-0555
MISC
intel — wireless_bluetooth_products
 
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access. 2020-08-13 not yet calculated CVE-2020-0554
MISC
intel — wireless_bluetooth_products
 
Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. 2020-08-13 not yet calculated CVE-2020-0553
MISC
intel — wireless_bluetooth_products
 
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. 2020-08-13 not yet calculated CVE-2019-14620
MISC
intel — wireless_for_open_source
 
Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2020-08-13 not yet calculated CVE-2020-8689
MISC
ise — smart_connect_knx_valliant
 
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. 2020-08-14 not yet calculated CVE-2019-19643
MISC
jerryscript — jerryscript
 
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. 2020-08-13 not yet calculated CVE-2020-24344
MISC
loway — queuemetrics
 
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. 2020-08-13 not yet calculated CVE-2020-15925
MISC
loway — queuemetrics
 
A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter. 2020-08-13 not yet calculated CVE-2020-15947
MISC
lua — lua
 
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. 2020-08-13 not yet calculated CVE-2020-24342
MISC
MISC
mantisbt — mantisbt
 
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it). 2020-08-12 not yet calculated CVE-2020-16266
CONFIRM
CONFIRM
mcafee — data_loss_prevention
 
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text 2020-08-13 not yet calculated CVE-2020-7306
CONFIRM
mcafee — data_loss_prevention_epo_extension
 
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. 2020-08-13 not yet calculated CVE-2020-7304
CONFIRM
mcafee — data_loss_prevention_epo_extension
 
Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. 2020-08-13 not yet calculated CVE-2020-7302
MISC
mcafee — data_loss_prevention_epo_extension
 
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. 2020-08-12 not yet calculated CVE-2020-7301
CONFIRM
mcafee — data_loss_prevention_epo_extension
 
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. 2020-08-12 not yet calculated CVE-2020-7300
CONFIRM
mcafee — data_loss_prevention_epo_extension
 
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. 2020-08-13 not yet calculated CVE-2020-7305
CONFIRM
megvii — koala
 
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. 2020-08-14 not yet calculated CVE-2020-17475
MISC
microsoft — composer-setup
 
In Composer-Setup for Windows before version 6.0.0, if the developer’s computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:ProgramDataComposerSetupbincomposer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:ProgramDataComposerSetupbin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability. 2020-08-14 not yet calculated CVE-2020-15145
MISC
CONFIRM
mozilla — multiple_products
 
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. 2020-08-10 not yet calculated CVE-2020-15659
SUSE
SUSE
SUSE
MISC
MISC
MISC
MISC
MISC
MISC
nginx — njs
 
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be “fluff” in the NGINX use case because there is no remote attack surface. 2020-08-13 not yet calculated CVE-2020-24349
MISC
nginx — njs
 
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. 2020-08-13 not yet calculated CVE-2020-24347
MISC
nginx — njs
 
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. 2020-08-13 not yet calculated CVE-2020-24348
MISC
nim — nim
 
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. 2020-08-14 not yet calculated CVE-2020-15692
MISC
CONFIRM
nim — nim
 
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values. 2020-08-14 not yet calculated CVE-2020-15693
MISC
CONFIRM
nim — nim
 
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length. 2020-08-14 not yet calculated CVE-2020-15694
MISC
CONFIRM
pactware — pactware
 
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. 2020-08-11 not yet calculated CVE-2020-9404
CONFIRM
palo_alto_networks — pan-os
 
When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server. This technique does not increase the risk of a host being compromised in the network. It does not impact the confidentiality or availability of a firewall. This is considered to have a low impact on the integrity of the firewall because the firewall fails to enforce a policy on certain traffic that should have been blocked. This issue does not impact the URL filtering policy enforcement on clear text or encrypted web transactions. This technique can be used only after a malicious actor has compromised a host in the protected network and the TLS/SSL Decryption feature is enabled for the traffic that the attacker controls. Palo Alto Networks is not aware of any malware that uses this technique to exfiltrate data. This issue is applicable to all current versions of PAN-OS. 2020-08-12 not yet calculated CVE-2020-2035
CONFIRM
CONFIRM
pegasystems — pega_platform
 
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. 2020-08-13 not yet calculated CVE-2019-16374
MISC
MISC
phpjs — phpjs
 
All versions of phpjs are vulnerable to Prototype Pollution via parse_str. 2020-08-14 not yet calculated CVE-2020-7700
CONFIRM
phpjs — phpjs
 
madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. 2020-08-14 not yet calculated CVE-2020-7701
CONFIRM
pnotes — andrey_gruber_pnotes.net
 
A File Upload Vulnerability in PNotes – Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous ” External Programs by uploading the malicious .exe file to the external program. 2020-08-14 not yet calculated CVE-2020-22721
MISC
python — python
 
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. 2020-08-14 not yet calculated CVE-2020-15142
MISC
MISC
CONFIRM
MISC
python — python
 
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. 2020-08-14 not yet calculated CVE-2020-15141
MISC
MISC
CONFIRM
MISC
qt — qt
 
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. 2020-08-12 not yet calculated CVE-2020-17507
MISC
MISC
MISC
FEDORA
radare2 — radare2
 
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. 2020-08-11 not yet calculated CVE-2020-17487
MISC
rapid_software — rapid_scada
 
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITYSYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITYSYSTEM by giving the attacker full system access to the remote PC. 2020-08-14 not yet calculated CVE-2020-22722
MISC
readytalk — avian
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-08-12 not yet calculated CVE-2020-17360
MISC
MISC
readytalk — avian
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-08-12 not yet calculated CVE-2020-17361
MISC
MISC
rosariosis — rosariosis
 
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. 2020-08-12 not yet calculated CVE-2020-13278
MISC
MISC
CONFIRM
securepoint — securepoint_ssl_vpn_client
 
A local privilege escalation vulnerability in SPSSLVpnService.exe in Securepoint GmbH from Lueneburg Securepoint SSL VPN Client 2.0.28 allows a local attacker to gain privileges via a crafted malicious exe and perform unauthorized actions. 2020-08-14 not yet calculated CVE-2020-22720
MISC
shenzhen_hichip_vision_technology — multiple_devices
 
Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. 2020-08-10 not yet calculated CVE-2020-9528
MISC
MISC
shenzhen_hichip_vision_technology — multiple_devices
 
Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. 2020-08-10 not yet calculated CVE-2020-9527
MISC
MISC
shenzhen_hichip_vision_technology — multiple_devices
 
Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device’s administrator password. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. 2020-08-10 not yet calculated CVE-2020-9529
MISC
MISC
siemens — automation_license_manager
 
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users’ privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing. 2020-08-14 not yet calculated CVE-2020-7583
MISC
siemens — desigo_cc_and_desigo_cc_compact
 
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges. 2020-08-14 not yet calculated CVE-2020-10055
MISC
MISC
siemens — sicam_a8000_rtu_devices A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application. 2020-08-14 not yet calculated CVE-2020-15781
MISC
smartcontrol — smartcontrol
 
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) 2020-08-13 not yet calculated CVE-2020-7360
MISC
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. 2020-08-12 not yet calculated CVE-2020-15868
CONFIRM
spirent — testcenter_and_avalanche
 
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials. 2020-08-13 not yet calculated CVE-2020-11733
MISC
MISC
st_engineering — vpncrypt_m10
 
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module’s Operating System. 2020-08-12 not yet calculated CVE-2020-12107
MISC
MISC
st_engineering — vpncrypt_m10
 
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point. 2020-08-12 not yet calculated CVE-2020-12106
MISC
MISC
textpattern — textpattern
 
In Textpattern 4.5.7, an unprivileged author can change an article’s markup setting. 2020-08-14 not yet calculated CVE-2015-8032
CONFIRM
CONFIRM
textpattern — textpattern
 
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. 2020-08-14 not yet calculated CVE-2015-8033
CONFIRM
CONFIRM
tridium — niagara_and_niagara_enterprise_security A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct. 2020-08-13 not yet calculated CVE-2020-14483
MISC
trousers — toursers
 
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. 2020-08-13 not yet calculated CVE-2020-24330
MLIST
MISC
MISC
MISC
trousers — toursers
 
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). 2020-08-13 not yet calculated CVE-2020-24331
MLIST
MISC
MISC
MISC
trousers — toursers
 
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. 2020-08-13 not yet calculated CVE-2020-24332
MLIST
MISC
MISC
MISC
vbulletin — vbulletin
 
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. 2020-08-12 not yet calculated CVE-2020-17496
MISC
MISC
MISC
vmware — concourse
 
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team. 2020-08-12 not yet calculated CVE-2020-5415
CONFIRM
CONFIRM
wireshark — wireshark
 
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. 2020-08-13 not yet calculated CVE-2020-17498
MISC
MISC
MISC
wordpress — worpress
 
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). 2020-08-14 not yet calculated CVE-2019-6112
CONFIRM
MISC
zalo — zalo_desktop
 
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file. 2020-08-13 not yet calculated CVE-2020-16087
MISC
MISC
MISC
zkteco — facedepot_7b_and_zkbiosecurity_server
 
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. 2020-08-14 not yet calculated CVE-2020-17474
MISC
zkteco — facedepot_7b_and_zkbiosecurity_server
 
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. 2020-08-14 not yet calculated CVE-2020-17473
MISC
zoom — zoom
 
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. 2020-08-14 not yet calculated CVE-2020-9767
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.