Original release date: August 10, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — http_server |
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 2020-08-07 | 7.5 | CVE-2020-11984 MLIST MLIST MLIST MLIST MISC GENTOO |
| apache — skywalking |
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | 2020-08-05 | 7.5 | CVE-2020-13921 MLIST MISC MLIST |
| cisco — data_center_network_manager |
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. | 2020-07-31 | 10 | CVE-2020-3382 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. | 2020-07-31 | 9 | CVE-2020-3383 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. | 2020-07-31 | 9 | CVE-2020-3386 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. | 2020-07-31 | 7.5 | CVE-2020-3376 CISCO |
| cisco — sd-wan_vmanage_software |
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. | 2020-07-31 | 9 | CVE-2020-3374 CISCO |
| cohesive_networks — vns3:vpn_appliances | The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. | 2020-08-04 | 9 | CVE-2020-15467 MISC MISC |
| digitus — da-70254_4-port_gigabit_network_hub_devices | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 2020-08-07 | 8.3 | CVE-2020-15063 MISC |
| ibm — security_verify_access |
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. | 2020-08-04 | 7.5 | CVE-2020-4459 XF CONFIRM |
| ibm — websphere_application_server |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. | 2020-08-03 | 7.2 | CVE-2020-4534 XF CONFIRM |
|
lindy — 42633_4-port_usb_gigabit_network_server_device |
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 2020-08-07 | 8.3 | CVE-2020-15059 MISC |
| php_factory — multiple_products |
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. | 2020-08-04 | 7.5 | CVE-2020-5616 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| teltonika — trb2_r_devices |
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | 2020-08-03 | 9 | CVE-2020-5772 MISC |
| teltonika — trb2_r_devices |
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. | 2020-08-03 | 9 | CVE-2020-5771 MISC |
| tp-link — tl-ps310u_devices |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 2020-08-07 | 8.3 | CVE-2020-15055 MISC |
| vmware — kryo_codec |
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the “deserialization gadgets” exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown “deserialization gadgets” when configuring Kryo in code. | 2020-07-31 | 7.5 | CVE-2020-5413 CONFIRM |
| wowza — streaming_engine |
Wowza Streaming Engine through 2019-11-28 has Insecure Permissions. | 2020-08-03 | 7.2 | CVE-2019-19455 MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| acti– nvr3 |
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. | 2020-08-04 | 5 | CVE-2020-15956 MISC MISC MISC |
| amazon — firecracker |
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. | 2020-08-04 | 4.3 | CVE-2020-16843 MISC |
| amq — online_console |
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2. | 2020-08-03 | 6.8 | CVE-2020-14319 MISC |
| apache — http_server |
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. | 2020-08-07 | 4.3 | CVE-2020-11985 MISC GENTOO |
| apache — http_server |
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above “info” will mitigate this vulnerability for unpatched servers. | 2020-08-07 | 4.3 | CVE-2020-11993 MISC MLIST GENTOO |
| atlassian — jira |
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users’ dashboards. To exploit this vulnerability, an attacker has to be authenticated. | 2020-08-04 | 5.5 | CVE-2020-15943 MISC FULLDISC MISC MISC |
| bitdefender — endpoint_security_for_mac |
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. | 2020-08-03 | 4.6 | CVE-2020-8108 MISC |
| chartkick — chartkick |
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). | 2020-08-05 | 4.3 | CVE-2020-16254 MISC MISC |
| cisco — data_center_network_manager |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | 2020-07-31 | 6.5 | CVE-2020-3462 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. | 2020-07-31 | 6.5 | CVE-2020-3377 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2020-07-31 | 4.3 | CVE-2020-3460 CISCO |
| cisco — data_center_network_manager |
A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system. | 2020-07-31 | 6 | CVE-2020-3384 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. | 2020-07-31 | 5 | CVE-2020-3461 CISCO |
| delta_electronics — delta_industrial_automation_cncsoft_screen_editor | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. | 2020-08-04 | 4.3 | CVE-2020-16201 MISC MISC MISC MISC MISC MISC MISC |
| delta_electronics — delta_industrial_automation_cncsoft_screen_editor |
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-04 | 6.8 | CVE-2020-16199 MISC MISC MISC MISC |
| delta_electronics — delta_industrial_automation_cncsoft_screeneditor |
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-04 | 6.8 | CVE-2020-16203 MISC MISC |
| delta_electronics — tpeditor |
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16219 MISC |
| delta_electronics — tpeditor |
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16225 MISC |
| delta_electronics — tpeditor |
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16221 MISC |
| delta_electronics — tpeditor |
Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16227 MISC |
| delta_electronics — tpeditor |
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | 2020-08-07 | 6.8 | CVE-2020-16223 MISC |
| digitus — da-7054_4-port_gigabit_network_hub_devices | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. | 2020-08-07 | 6.1 | CVE-2020-15065 MISC |
| extreme_networks — eac_applications |
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | 2020-08-05 | 4.3 | CVE-2020-13819 CONFIRM MISC MISC |
| extreme_networks — extreme_management_center |
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | 2020-08-03 | 4.3 | CVE-2020-13820 MISC MISC MISC MISC |
| fanuc — i_series_cnc |
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. | 2020-08-03 | 5 | CVE-2020-12739 JVN MISC JVN MISC |
| field_test — field_test |
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | 2020-08-05 | 4.3 | CVE-2020-16252 MISC MISC |
| hmtalk — daviewindy |
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | 2020-08-04 | 6.8 | CVE-2020-7822 MISC MISC |
| hmtalk — daviewindy |
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | 2020-08-04 | 6.8 | CVE-2020-7823 MISC MISC |
| huawei — fusioncomput |
Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service. | 2020-07-31 | 4.6 | CVE-2020-9248 MISC |
| ibm — cognos_analytics |
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. | 2020-08-03 | 6.4 | CVE-2020-4377 XF CONFIRM |
| ibm — cognos_analytics |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the “My schedules and subscriptions” page is visible and accessible to a less privileged user. IBM X-Force ID: 167449. | 2020-08-03 | 4 | CVE-2019-4589 XF CONFIRM |
| ibm — cognos_analytics |
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. | 2020-08-03 | 5 | CVE-2019-4366 XF CONFIRM |
| ibm — financial_transaction_manager |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2020-08-03 | 4.3 | CVE-2020-4560 XF CONFIRM |
| ibm — financial_transaction_manager |
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. | 2020-08-03 | 6.5 | CVE-2020-4328 XF CONFIRM |
| ibm — i2_analyst_notebook |
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319. | 2020-08-03 | 6.9 | CVE-2020-4551 XF CONFIRM |
| ibm — i2_analyst_notebook |
IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317. | 2020-08-03 | 6.9 | CVE-2020-4549 XF CONFIRM |
| ibm — i2_analyst_notebook |
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322. | 2020-08-03 | 6.9 | CVE-2020-4554 XF CONFIRM |
| ibm — i2_analyst_notebook |
IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320. | 2020-08-03 | 6.9 | CVE-2020-4552 XF CONFIRM |
| ibm — i2_analyst_notebook |
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318. | 2020-08-03 | 6.9 | CVE-2020-4550 XF CONFIRM |
| ibm — i2_analyst_notebook |
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321. | 2020-08-03 | 6.9 | CVE-2020-4553 XF CONFIRM |
| ibm — jazz_foundation_and_engineering_products |
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539. | 2020-08-04 | 4 | CVE-2020-4410 XF CONFIRM |
| ibm– security_identity_governance_and_intelligence |
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. | 2020-08-05 | 4.3 | CVE-2020-4243 XF CONFIRM |
| jeedom — jeedom |
Jeedom through 4.0.38 allows XSS. | 2020-08-05 | 4.3 | CVE-2020-9036 MISC |
| kde — ark |
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 2020-08-03 | 6.8 | CVE-2020-16116 MISC CONFIRM CONFIRM FEDORA GENTOO CONFIRM |
| kee_vault — keepassrpc |
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | 2020-08-03 | 6.4 | CVE-2020-16271 MISC MISC |
| kee_vault — keepassrpc |
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection. | 2020-08-03 | 6.4 | CVE-2020-16272 MISC MISC |
| libx11 — libx11 |
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. | 2020-08-05 | 4.6 | CVE-2020-14344 SUSE SUSE CONFIRM MISC MISC |
| limesurvey — limesurvey |
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. | 2020-08-05 | 4.3 | CVE-2020-16192 MISC |
| lindy — 42633_4-port_usb_gigabit_network_server_devices | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. | 2020-08-07 | 6.1 | CVE-2020-15061 MISC |
| linux — etcd |
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users’ passwords with little computational effort. | 2020-08-06 | 5 | CVE-2020-15115 CONFIRM |
| linux — etcd |
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. | 2020-08-06 | 4 | CVE-2020-15114 CONFIRM |
| nlnet_labs — routinator |
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation “.roa” files or X509 Certificate Revocation List files from the RPKI relying party’s view. | 2020-08-05 | 5.8 | CVE-2020-17366 MISC |
| ocportal — ocportal |
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. | 2020-08-03 | 4.3 | CVE-2015-9549 MISC MISC |
| pghero_gem_for_ruby_on_rails — pghero_gem_for_ruby_on_rails | The PgHero gem through 2.6.0 for Ruby allows CSRF. | 2020-08-05 | 5.8 | CVE-2020-16253 MISC MISC |
| php_factory — calendar01_and_calendar02 | Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2020-08-04 | 6.8 | CVE-2020-5615 MISC MISC MISC |
| plesk — obsidian |
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 2020-08-03 | 4.3 | CVE-2020-11583 MISC |
| plesk — onyx | A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 2020-08-03 | 4.3 | CVE-2020-11584 MISC |
| radare2 — radare2 |
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | 2020-08-03 | 4.3 | CVE-2020-16269 MISC |
| richoh — streamline_nx_client_tool_and_streamline_nx_client |
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. | 2020-08-04 | 4.6 | CVE-2019-20001 MISC MISC |
| skysea — client_view |
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. | 2020-08-04 | 4.6 | CVE-2020-5617 MISC MISC |
| sulu — sulu |
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the “Forget password” feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the “Forgot Password” request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1. | 2020-08-05 | 5 | CVE-2020-15132 CONFIRM |
| teltonika — trb2_r_devices |
Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. | 2020-08-03 | 6.5 | CVE-2020-5773 MISC |
| teltonika — trb2_r_devices |
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 2020-08-03 | 6.8 | CVE-2020-5770 MISC |
| tgstation-server — tgstation-server |
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however. | 2020-07-31 | 6.8 | CVE-2020-16136 MISC MISC |
| tiki — tiki |
Tiki before 21.2 allows XSS because [s/”‘] is not properly considered in lib/core/TikiFilter/PreventXss.php. | 2020-08-03 | 4.3 | CVE-2020-16131 MISC MISC |
| tp-link — tl-ps310u_devices |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | 2020-08-07 | 6.1 | CVE-2020-15057 MISC |
| vmware — gemfire |
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution. | 2020-07-31 | 6.5 | CVE-2020-5396 CONFIRM |
| vmware — tanzu_application_service |
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. | 2020-07-31 | 6 | CVE-2020-5414 CONFIRM |
| wowza — streaming_engine |
Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2). | 2020-08-03 | 4.3 | CVE-2019-19453 MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| check_point — zonealarm_anti-ransomware |
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. | 2020-08-04 | 1.9 | CVE-2020-6012 MISC MISC MISC |
| digitus — da-70254_4-port_gigabit_network_hub_devices |
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 2020-08-07 | 3.3 | CVE-2020-15062 MISC |
| digitus — da-70254_4-port_gigabit_network_hub_devices |
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2020-08-07 | 2.3 | CVE-2020-15064 MISC |
| gantt-chart — gantt-chart |
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated. | 2020-08-04 | 3.5 | CVE-2020-15944 MISC FULLDISC MISC MISC |
| grub2 — grub2 |
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. | 2020-07-31 | 3.6 | CVE-2020-14311 SUSE SUSE CONFIRM UBUNTU |
| grub2 — grub2 |
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX – 1 length in bytes but it doesn’t verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | 2020-07-31 | 3.6 | CVE-2020-14310 SUSE SUSE CONFIRM UBUNTU |
| huawei — p30_smartphones | HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11). | 2020-07-31 | 3.3 | CVE-2020-9249 MISC |
| ibm — jazz_foundation_and_engineering | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435. | 2020-08-04 | 3.5 | CVE-2020-4525 XF CONFIRM |
| ibm — jazz_foundation_and_engineering |
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179359. | 2020-08-04 | 3.5 | CVE-2020-4396 XF CONFIRM |
| ibm — jazz_foundation_and_engineering |
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 183046. | 2020-08-04 | 3.5 | CVE-2020-4542 XF CONFIRM |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. | 2020-08-04 | 1.9 | CVE-2020-4631 XF CONFIRM |
| lindy — 42633_4-port_usb_gigabit_network_server_devices |
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2020-08-07 | 2.3 | CVE-2020-15060 MISC |
| lindy — 42633_4-port_usb_gigabit_network_server_devices |
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 2020-08-07 | 3.3 | CVE-2020-15058 MISC |
| linux — etcd |
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). | 2020-08-05 | 3.6 | CVE-2020-15113 CONFIRM |
| mcafee — total_protection |
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | 2020-08-05 | 3.6 | CVE-2020-7298 MISC |
| october — october_cms |
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468). | 2020-07-31 | 3.5 | CVE-2020-15128 MISC MISC CONFIRM |
| softperfect — ram_disk |
An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-08-04 | 2.1 | CVE-2020-13523 MISC |
| softperfect — ram_disk |
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-08-04 | 3.6 | CVE-2020-13522 MISC |
| tp-link — usb_network_server_tl-ps310u_devices | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 2020-08-07 | 3.3 | CVE-2020-15054 MISC |
| tp-link — usb_network_server_tl-ps310u_devices | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2020-08-07 | 2.3 | CVE-2020-15056 MISC |
| vmware — vsphere_and_windows |
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). | 2020-08-03 | 2.1 | CVE-2020-8575 MISC |
| x.org_project — xorg-server |
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. | 2020-08-05 | 2.1 | CVE-2020-14347 CONFIRM MISC MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| activesoft — mybrowserplus |
MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | 2020-08-06 | not yet calculated | CVE-2020-7817 MISC MISC |
| advantech — webaccess_hmi_designer | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | 2020-08-06 | not yet calculated | CVE-2020-16215 MISC |
| advantech — webaccess_hmi_designer | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | 2020-08-06 | not yet calculated | CVE-2020-16211 MISC |
| advantech — webaccess_hmi_designer |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | 2020-08-06 | not yet calculated | CVE-2020-16207 MISC |
| advantech — webaccess_hmi_designer |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | 2020-08-06 | not yet calculated | CVE-2020-16229 MISC |
| advantech — webaccess_hmi_designer |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | 2020-08-06 | not yet calculated | CVE-2020-16217 MISC |
| advantech — webaccess_hmi_designer |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | 2020-08-06 | not yet calculated | CVE-2020-16213 MISC |
| aerospike — aerospike_community_edition |
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. | 2020-08-05 | not yet calculated | CVE-2020-13151 MISC MISC MISC MISC |
| apache — http_server |
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via “H2Push off” will mitigate this vulnerability for unpatched servers. | 2020-08-07 | not yet calculated | CVE-2020-9490 MISC MLIST GENTOO |
| atlassian — fisheye |
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3. | 2020-08-05 | not yet calculated | CVE-2017-18112 MISC |
| avaya — ip_office |
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | 2020-08-07 | not yet calculated | CVE-2019-7005 CONFIRM |
| canonical — apport_package |
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. | 2020-08-06 | not yet calculated | CVE-2020-15701 CONFIRM CONFIRM |
| canonical — apport_package |
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. | 2020-08-06 | not yet calculated | CVE-2020-15702 CONFIRM |
| cayin_technology — cayin_cms |
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the ‘NTP_Server_IP’ HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. | 2020-08-06 | not yet calculated | CVE-2020-7357 IBM MISC MISC |
| cayin_technology — xpost |
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter ‘wayfinder_seqid’ in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. | 2020-08-06 | not yet calculated | CVE-2020-7356 MISC MISC |
| easycorp — zentao_pro |
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its ‘/pro/repo-create.html’ component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter ‘path’, and those commands will run in an elevated SYSTEM context on the underlying Windows operating system. | 2020-08-06 | not yet calculated | CVE-2020-7361 MISC |
| extreme_networks — extreme_management_center | Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | 2020-08-04 | not yet calculated | CVE-2020-16847 MISC MISC |
| freebsd — freebsd |
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. | 2020-08-06 | not yet calculated | CVE-2020-7459 MISC |
| freebsd — freebsd |
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation. | 2020-08-06 | not yet calculated | CVE-2020-7460 MISC MISC |
| gog — galaxy |
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. | 2020-08-06 | not yet calculated | CVE-2020-7352 MISC MISC |
| golang — go |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | 2020-08-06 | not yet calculated | CVE-2020-16845 MISC CONFIRM |
| handysoft — groupware |
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. | 2020-08-07 | not yet calculated | CVE-2020-7810 MISC MISC |
| ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848. | 2020-08-05 | not yet calculated | CVE-2020-4481 XF CONFIRM |
| ivanti — dsm_netinst |
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | 2020-08-06 | not yet calculated | CVE-2020-13793 MISC MISC |
| ivanti — service_manager_heat_remote_control |
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet. | 2020-08-06 | not yet calculated | CVE-2020-12441 MISC MISC |
| jetbrains — kotlin |
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. | 2020-08-08 | not yet calculated | CVE-2020-15824 MISC MISC |
| jetbrains — teamcity |
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | 2020-08-08 | not yet calculated | CVE-2020-15829 MISC MISC |
| jetbrains — teamcity |
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | 2020-08-08 | not yet calculated | CVE-2020-15826 MISC MISC |
| jetbrains — teamcity |
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users’ privileges. | 2020-08-08 | not yet calculated | CVE-2020-15825 MISC MISC |
| jetbrains — teamcity |
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | 2020-08-08 | not yet calculated | CVE-2020-15831 MISC MISC |
| jetbrains — teamcity |
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | 2020-08-08 | not yet calculated | CVE-2020-15830 MISC MISC |
| jetbrains — teamcity |
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | 2020-08-08 | not yet calculated | CVE-2020-15828 MISC MISC |
| jetbrains — toolbox |
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | 2020-08-08 | not yet calculated | CVE-2020-15827 MISC MISC |
| jetbrains — upsource |
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. | 2020-08-08 | not yet calculated | CVE-2019-19704 MISC MISC |
| jetbrains — youtrack | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | 2020-08-08 | not yet calculated | CVE-2020-15823 MISC MISC |
| jetbrains — youtrack |
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | 2020-08-08 | not yet calculated | CVE-2020-15818 MISC MISC |
| jetbrains — youtrack |
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | 2020-08-08 | not yet calculated | CVE-2020-15817 MISC MISC |
| jetbrains — youtrack |
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | 2020-08-08 | not yet calculated | CVE-2020-15821 MISC MISC |
| jetbrains — youtrack |
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | 2020-08-08 | not yet calculated | CVE-2020-15819 MISC MISC |
| jetbrains — youtrack |
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | 2020-08-08 | not yet calculated | CVE-2020-15820 MISC MISC |
| lilypond — lilypond |
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | 2020-08-05 | not yet calculated | CVE-2020-17353 MISC |
| linux — ectd |
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the –endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality. | 2020-08-06 | not yet calculated | CVE-2020-15136 MISC CONFIRM |
| linux — etcd | In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. | 2020-08-05 | not yet calculated | CVE-2020-15112 CONFIRM |
| linux — etcd |
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. | 2020-08-05 | not yet calculated | CVE-2020-15106 CONFIRM |
| mahara — mahara | In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. | 2020-08-07 | not yet calculated | CVE-2020-15907 MISC MISC |
| micro_focus — secure_messaging_gateway | DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. | 2020-08-07 | not yet calculated | CVE-2020-11852 MISC |
| netapp — active_iq_unified_manager_for_linux | Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. | 2020-08-03 | not yet calculated | CVE-2020-8574 MISC |
| netflix — spring_cloud |
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. | 2020-08-07 | not yet calculated | CVE-2020-5412 CONFIRM |
| neztore — save-server |
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF attack would require you to navigate to a malicious site while you have an active session with Save-Server (Session key stored in cookies). The malicious user would then be able to perform some actions, including uploading/deleting files and adding redirects. If you are logged in as root, this attack is significantly more severe. They can in addition create, delete and update users. If they updated the password of a user, that user’s files would then be available. If the root password is updated, all files would be visible if they logged in with the new password. Note that due to the same origin policy malicious actors cannot view the gallery or the response of any of the methods, nor be sure they succeeded. This issue has been patched in version 1.0.7. | 2020-08-04 | not yet calculated | CVE-2020-15135 CONFIRM MISC MISC |
| passmark — burnintest_and_osforensics_and_performance_test |
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver’s IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | 2020-08-07 | not yet calculated | CVE-2020-15479 MISC MISC MISC MISC |
| passmark — burnintest_and_osforensics_and_performancetest |
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | 2020-08-07 | not yet calculated | CVE-2020-15480 MISC MISC MISC MISC |
| prism — prism |
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. | 2020-08-07 | not yet calculated | CVE-2020-15138 MISC CONFIRM MISC |
| project_contour — contour |
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy’s shutdown procedure. The shutdown procedure includes flipping the readiness endpoint to false, which removes Envoy from the routing pool. When running Envoy (For example on the host network, pod spec hostNetwork=true), the shutdown manager’s endpoint is accessible to anyone on the network that can reach the Kubernetes node that’s running Envoy. There is no authentication in place that prevents a rogue actor on the network from shutting down Envoy via the shutdown manager endpoint. Successful exploitation of this issue will lead to bad actors shutting down all instances of Envoy, essentially killing the entire ingress data plane. This is fixed in version 1.7.0. | 2020-08-05 | not yet calculated | CVE-2020-15127 MISC CONFIRM |
| quadra_informatique — atos-magento |
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. | 2020-08-05 | not yet calculated | CVE-2020-13404 MISC MISC MISC |
| securenvoy — securmail |
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. | 2020-08-07 | not yet calculated | CVE-2020-13376 MISC MISC |
| solidus — solidus |
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section. | 2020-08-04 | not yet calculated | CVE-2020-15109 MISC CONFIRM |
| sophos — xg_firewall | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 2020-08-07 | not yet calculated | CVE-2020-17352 MISC MISC |
| suse — multiple_products |
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. | 2020-08-07 | not yet calculated | CVE-2020-8025 CONFIRM |
| suse — multiple_products |
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. | 2020-08-07 | not yet calculated | CVE-2020-8026 CONFIRM |
| swisscom — multiple_products |
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (user-configurable) credentials for the local Web interface or physical access to a device’s plus or reset button, an attacker can create a user with elevated privileges on the Sysbus-API. This can then be used to modify local or remote SSH access, thus allowing a login session as the superuser. | 2020-08-04 | not yet calculated | CVE-2020-16134 MISC MISC |
| temi — launcher_os |
Temi Launcher OS 11969 through 13146 has Missing Authentication for a Critical Function. | 2020-08-07 | not yet calculated | CVE-2020-16167 MISC MISC |
| temi — multiple_devices |
Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error. | 2020-08-07 | not yet calculated | CVE-2020-16168 MISC MISC |
| temi — robox_os | Temi Robox OS 117.21 through 119.24 allows Authentication Bypass via an Alternate Path or Channel. | 2020-08-07 | not yet calculated | CVE-2020-16169 MISC MISC |
| trend_micro — multiple_products |
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. | 2020-08-05 | not yet calculated | CVE-2020-8607 N/A N/A N/A N/A |
| usvn — user-friendly_svn | USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. | 2020-08-05 | not yet calculated | CVE-2020-17364 MISC MISC |
| whoopsie_project — whoopsie |
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1. | 2020-08-06 | not yet calculated | CVE-2020-11937 CONFIRM CONFIRM CONFIRM |
| yokogawa — multiple_products |
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. | 2020-08-05 | not yet calculated | CVE-2020-5608 MISC MISC |
| yokogawa — multiple_products |
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. | 2020-08-05 | not yet calculated | CVE-2020-5609 MISC MISC |
| zyxel — multiple_products |
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | 2020-08-06 | not yet calculated | CVE-2020-13364 MISC MISC |
| zyxel — multiple_products |
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | 2020-08-06 | not yet calculated | CVE-2020-13365 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.