Original release date: December 21, 2020
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers’ installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2020-12-16 | 10 | CVE-2019-14482 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | 2020-12-16 | 9 | CVE-2019-14479 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys’ passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | 2020-12-16 | 9 | CVE-2019-14483 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | 2020-12-16 | 7.5 | CVE-2019-14480 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-24338 MISC MISC |
| apache — struts | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25. | 2020-12-11 | 7.5 | CVE-2020-17530 JVN CONFIRM |
| appbase — streams | The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password. | 2020-12-16 | 10 | CVE-2020-35468 MISC |
| arubanetworks — arubaos | There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 10 | CVE-2020-24633 CONFIRM |
| arubanetworks — arubaos | An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 10 | CVE-2020-24634 CONFIRM |
| arubanetworks — arubaos | Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 9 | CVE-2020-24637 CONFIRM |
| askey — ap5100w_firmware | Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | 2020-12-11 | 10 | CVE-2020-15357 MISC MISC MISC |
| blackfire — blackfire | The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35466 MISC |
| car_rental_management_system_project — car_rental_management_system | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the “page” parameter, to cause local file inclusion resulting in code execution. | 2020-12-14 | 7.5 | CVE-2020-29227 MISC MISC |
| citrix — gateway_plug-in | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | 2020-12-14 | 7.5 | CVE-2020-8257 MISC |
| citrix — virtual_apps_and_desktops | An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | 2020-12-14 | 9 | CVE-2020-8283 MISC |
| connection-tester_project — connection-tester | This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | 2020-12-16 | 7.5 | CVE-2020-7781 CONFIRM CONFIRM |
| contiki-ng — contiki-ng | An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn’t verify whether the address in the answer’s length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled. | 2020-12-11 | 7.5 | CVE-2020-24336 MISC MISC |
| contiki-os — contiki-os | An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | 2020-12-11 | 7.5 | CVE-2020-25111 MISC MISC |
| contiki-os — contiki-os | An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | 2020-12-11 | 7.5 | CVE-2020-25112 MISC MISC |
| corenlp-js-interface_project — corenlp-js-interface | All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function. | 2020-12-11 | 7.5 | CVE-2020-28440 CONFIRM |
| corenlp-js-prefab_project — corenlp-js-prefab | This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in ‘index.js.’ It depends on a vulnerable package ‘corenlp-js-interface.’ Vulnerability can be exploited with the following PoC: | 2020-12-11 | 7.5 | CVE-2020-28439 CONFIRM |
| coscale_agent_project — coscale_agent | Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35462 MISC |
| datatables — datatables.net | All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | 2020-12-16 | 7.5 | CVE-2020-28458 MISC MISC MISC MISC MISC MISC |
| dlink — dsr-150_firmware | An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. | 2020-12-15 | 9 | CVE-2020-25759 MISC MISC MISC |
| dlink — dsr-150_firmware | An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | 2020-12-15 | 9 | CVE-2020-25758 MISC MISC MISC |
| dlink — dsr-150_firmware | A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. | 2020-12-15 | 8.3 | CVE-2020-25757 MISC MISC MISC |
| docker — adminer | The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35186 MISC |
| docker — composer | The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35184 MISC |
| docker — docs | The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35467 MISC |
| docker — ghost_alpine_docker_image | The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35185 MISC |
| docker — haproxy | The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35195 MISC |
| docker — memcached | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35197 MISC |
| docker — rabbitmq | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35196 MISC |
| docker — registry | Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | 2020-12-11 | 10 | CVE-2020-29591 MISC MISC MISC |
| drupal — drupal_docker_images | The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35191 MISC |
| epson — eps_tse_server_8_firmware | Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | 2020-12-16 | 7.5 | CVE-2020-28929 MISC |
| ethernut — nut/os | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-25110 MISC MISC |
| ethernut — nut/os | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has ‘�’ termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-25107 MISC MISC |
| ethernut — nut/os | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-25108 MISC MISC |
| ethernut — nut/os | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-25109 MISC MISC |
| f5 — nginx_controller | In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | 2020-12-11 | 7.5 | CVE-2020-27730 CONFIRM |
| fullarmor — hapi_file_share_mount | The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35465 MISC |
| gehealthcare — 3.0t_signa_hdxt_firmware | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | 2020-12-14 | 7.5 | CVE-2020-25179 MISC |
| golang — go | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | 2020-12-14 | 7.5 | CVE-2020-29511 MISC |
| golang — go | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | 2020-12-14 | 7.5 | CVE-2020-29510 MISC |
| golang — go | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | 2020-12-14 | 7.5 | CVE-2020-29509 MISC |
| google — android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). | 2020-12-18 | 7.5 | CVE-2020-35550 MISC |
| google — android | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel | 2020-12-14 | 7.2 | CVE-2020-0444 MISC |
| google — android | In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162627132 | 2020-12-14 | 7.2 | CVE-2020-0440 MISC |
| google — android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020). | 2020-12-18 | 7.5 | CVE-2020-35551 MISC |
| google — android | In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel | 2020-12-14 | 7.2 | CVE-2020-0465 MISC |
| google — android | In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483 | 2020-12-14 | 7.2 | CVE-2020-0016 MISC |
| google — android | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel | 2020-12-14 | 7.2 | CVE-2020-0466 MISC |
| google — android | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562 | 2020-12-14 | 7.5 | CVE-2020-0457 MISC |
| google — android | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843 | 2020-12-14 | 7.5 | CVE-2020-0456 MISC |
| google — android | An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678 (December 2020). | 2020-12-18 | 7.8 | CVE-2020-35553 MISC |
| google — android | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514 | 2020-12-14 | 7.5 | CVE-2020-0455 MISC |
| google — android | In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510 | 2020-12-14 | 9.3 | CVE-2020-0099 MISC |
| google — android | In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164 | 2020-12-14 | 9.3 | CVE-2020-0458 MISC |
| hashicorp — vault | The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35192 MISC |
| hcltech — domino | A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. | 2020-12-14 | 10 | CVE-2020-14244 MISC |
| hcltech — notes | A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client. | 2020-12-14 | 10 | CVE-2020-14268 MISC |
| hosteng — h0-ecom100_firmware | The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device. | 2020-12-15 | 7.8 | CVE-2020-25195 MISC |
| ibm — connect | IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516. | 2020-12-15 | 7.5 | CVE-2020-4747 XF CONFIRM |
| ibm — resilient_security_orchestration_automation_and_response | IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. | 2020-12-11 | 9 | CVE-2020-4633 XF CONFIRM |
| influxdata — chronograf | The official chronograf docker images before 1.7.7-alpine (Alpine specific) contain a blank password for a root user. System using the chronograf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35188 MISC |
| influxdata — influxdb | The official influxdb docker images before 1.7.3-meta-alpine (Alpine specific) contain a blank password for a root user. System using the influxdb docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35194 MISC |
| influxdata — kapacitor | Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password. | 2020-12-11 | 10 | CVE-2020-29589 MISC MISC MISC MISC MISC |
| influxdata — telegraf | The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35187 MISC |
| instana — dynamic_apm | Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35463 MISC |
| js-data — js-data | All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function. | 2020-12-15 | 7.5 | CVE-2020-28442 MISC MISC MISC MISC |
| jsonparser_project — jsonparser | jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | 2020-12-15 | 7.8 | CVE-2020-35381 MISC |
| jsonpickle_project — jsonpickle | jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. | 2020-12-17 | 7.5 | CVE-2020-22083 MISC MISC MISC MISC |
| kong — kong_alpine_docker_image | The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35189 MISC |
| liftoffsoftware — gateone | GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. | 2020-12-14 | 7.5 | CVE-2020-20184 MISC |
| linux — linux_kernel | A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation. | 2020-12-11 | 7.2 | CVE-2020-27786 MISC MISC |
| macally — wifisd2-2a82_firmware | In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise. | 2020-12-14 | 9 | CVE-2020-29669 MISC MISC MISC |
| medtronic — mycarelink_smart_model_25000_firmware | Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device. | 2020-12-14 | 9.3 | CVE-2020-27252 MISC |
| medtronic — mycarelink_smart_model_25000_firmware | Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device. | 2020-12-14 | 10 | CVE-2020-25187 MISC |
| mobileviewpoint — wireless_multiplex_terminal_playout_server | The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of “pokon.” | 2020-12-14 | 7.5 | CVE-2020-35338 MISC MISC |
| moutjs — mout | This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn ‘mixes objects into the target object, recursively mixing existing child objects as well’. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution. | 2020-12-11 | 7.5 | CVE-2020-7792 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| newpk_project — newpk | SQL Injection vulnerability in NewPK 1.1 via the title parameter to adminnewpost.php. | 2020-12-14 | 7.5 | CVE-2020-20189 MISC |
| ni — compactrio_firmware | Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | 2020-12-11 | 7.8 | CVE-2020-25191 MISC |
| online_bus_ticket_reservation_project — online_bus_ticket_reservation | SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. | 2020-12-14 | 7.5 | CVE-2020-35378 MISC |
| opener_project — opener | An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2020-12-11 | 7.5 | CVE-2020-13556 CONFIRM |
| opentsdb — opentsdb | A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | 2020-12-16 | 7.5 | CVE-2020-35476 MISC |
| phpshe — phpshe | PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. | 2020-12-11 | 7.5 | CVE-2020-19165 MISC |
| plone — plone | The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35190 MISC |
| quantconnect — lean | QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. | 2020-12-14 | 7.5 | CVE-2020-20136 MISC |
| schneider-electric — bmxp341000_firmware | A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. | 2020-12-11 | 7.8 | CVE-2020-7536 MISC CONFIRM |
| schneider-electric — bmxp341000_firmware | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. | 2020-12-11 | 7.5 | CVE-2020-7540 CONFIRM |
| schneider-electric — easergy_t300_firmware | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently. | 2020-12-11 | 7.5 | CVE-2020-28215 MISC CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port. | 2020-12-14 | 10 | CVE-2020-25228 CONFIRM |
| silver-peak — ecos | The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0. | 2020-12-11 | 8.5 | CVE-2020-12149 MISC |
| silver-peak — ecos | A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0. | 2020-12-11 | 8.5 | CVE-2020-12148 MISC |
| softwareag — terracotta_server_oss | The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password. | 2020-12-16 | 10 | CVE-2020-35469 MISC |
| solarwinds — n-central | An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root. | 2020-12-16 | 9 | CVE-2020-25617 MISC MISC MISC |
| soliton — filezen | Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed. | 2020-12-14 | 10 | CVE-2020-5639 MISC MISC MISC |
| sonarsource — sonarqube | The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-16 | 10 | CVE-2020-35193 MISC |
| sophos — cyberoamos | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | 2020-12-11 | 7.5 | CVE-2020-29574 MISC MISC |
| systeminformation — systeminformation | In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix. | 2020-12-16 | 7.5 | CVE-2020-26274 MISC CONFIRM MISC |
| teamspeak — teamspeak_docker_image | Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the root user. Systems deployed using affected versions of the teamspeak container may allow a remote attacker to achieve root access with a blank password. | 2020-12-11 | 10 | CVE-2020-29590 MISC MISC MISC MISC |
| uip_project — uip | An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures. | 2020-12-11 | 7.5 | CVE-2020-17438 MISC MISC |
| uip_project — uip | An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning. | 2020-12-11 | 7.5 | CVE-2020-17439 MISC MISC |
| weave — cloud_agent | Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35464 MISC |
| westerndigital — my_cloud_os_5 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device. | 2020-12-12 | 7.5 | CVE-2020-29563 CONFIRM MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. | 2020-12-15 | 7.2 | CVE-2020-29479 DEBIAN MISC |
| xen — xen | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. | 2020-12-15 | 7.2 | CVE-2020-29569 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover. | 2020-12-16 | 5.8 | CVE-2019-14481 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. | 2020-12-16 | 4 | CVE-2019-14476 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn’t check whether the ICMPv6 echo request packet’s size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c. | 2020-12-11 | 5 | CVE-2020-17443 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c. | 2020-12-11 | 5 | CVE-2020-17442 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. | 2020-12-11 | 5 | CVE-2020-24340 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. | 2020-12-11 | 5 | CVE-2020-24339 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c). | 2020-12-11 | 6.4 | CVE-2020-17441 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c. | 2020-12-11 | 5 | CVE-2020-24337 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak. | 2020-12-11 | 6.4 | CVE-2020-24341 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c. | 2020-12-11 | 5 | CVE-2020-17445 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn’t check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c. | 2020-12-11 | 5 | CVE-2020-17444 MISC MISC |
| alumni_management_system_project — alumni_management_system | A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE. | 2020-12-15 | 6.5 | CVE-2020-28072 MISC |
| amazee — lagoon | The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion. | 2020-12-14 | 5 | CVE-2020-35236 MISC MISC MISC MISC |
| apache — airflow | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. | 2020-12-14 | 5 | CVE-2020-17513 MISC |
| apache — airflow | The “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. | 2020-12-11 | 4.3 | CVE-2020-17515 MLIST MLIST MLIST MLIST MISC MLIST |
| apache — airflow | In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. | 2020-12-14 | 4 | CVE-2020-17511 MISC |
| askey — ap5100w_firmware | Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network. | 2020-12-11 | 4.3 | CVE-2020-15023 MISC CONFIRM MISC |
| awstats — awstats | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. | 2020-12-12 | 5 | CVE-2020-35176 MISC |
| bitdefender — antivirus_plus | An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. | 2020-12-14 | 4.3 | CVE-2020-15733 CONFIRM |
| brocade — fabric_os | Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. | 2020-12-11 | 4.6 | CVE-2020-15375 CONFIRM |
| brocade — fabric_os | Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with “user” privileges if it is not associated with any groups. | 2020-12-11 | 4 | CVE-2020-15376 CONFIRM |
| citrix — gateway_plug-in | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | 2020-12-14 | 5 | CVE-2020-8258 MISC |
| classroombookings — classroombookings | SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | 2020-12-14 | 6.5 | CVE-2020-35382 MISC |
| cmsmadesimple — cms_made_simple | Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. | 2020-12-17 | 4.3 | CVE-2020-20138 MISC |
| contiki-ng — contiki-ng | An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. | 2020-12-11 | 5 | CVE-2020-13988 MISC MISC |
| contiki-os — contiki | An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | 2020-12-11 | 5 | CVE-2020-13985 MISC MISC |
| contiki-os — contiki | An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c. | 2020-12-11 | 5 | CVE-2020-13984 MISC MISC |
| contiki-os — contiki | An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | 2020-12-11 | 5 | CVE-2020-13986 MISC MISC |
| contiki-os — contiki | An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. | 2020-12-11 | 5 | CVE-2020-13987 MISC MISC |
| dell — bsafe_micro_edition_suite | Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. | 2020-12-16 | 5 | CVE-2020-5359 MISC |
| dell — bsafe_micro_edition_suite | Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. | 2020-12-16 | 5 | CVE-2020-5360 MISC |
| directoriespro — directories_pro | A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow. | 2020-12-14 | 4.3 | CVE-2020-29304 MISC FULLDISC MISC MISC |
| directoriespro — directories_pro | A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token. | 2020-12-14 | 4.3 | CVE-2020-29303 MISC FULLDISC CONFIRM MISC |
| eclipse — che | A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn’t properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Theia IDE. This flaw allows an attacker to gain full access to the victim’s workspace through the /services endpoint. To perform a successful attack, the attacker conducts a Man-in-the-middle attack (MITM) and tricks the victim into executing a request via an untrusted link, which performs the CSRF and the Socket hijack. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2020-12-14 | 6.8 | CVE-2020-14368 MISC |
| egavilanmedia — barcodes_generator | EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website. | 2020-12-15 | 4.3 | CVE-2020-35396 MISC MISC MISC |
| egavilanmedia — expense_management_system | XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the ‘description’ field | 2020-12-15 | 4.3 | CVE-2020-35395 MISC MISC |
| envoyproxy — envoy | Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). | 2020-12-15 | 5.8 | CVE-2020-35470 MISC MISC MISC |
| envoyproxy — envoy | Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | 2020-12-15 | 5 | CVE-2020-35471 MISC MISC MISC |
| epson — eps_tse_server_8_firmware | Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | 2020-12-16 | 6.8 | CVE-2020-28931 MISC |
| ethereum — go_ethereum | Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. | 2020-12-11 | 4 | CVE-2020-26264 MISC MISC MISC CONFIRM |
| f5 — big-ip_access_policy_manager | On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. | 2020-12-11 | 5 | CVE-2020-5949 CONFIRM |
| f5 — big-ip_access_policy_manager | On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. | 2020-12-11 | 6.8 | CVE-2020-5948 CONFIRM |
| f5 — big-ip_advanced_firewall_manager | In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory. | 2020-12-11 | 5 | CVE-2020-27713 CONFIRM |
| f5 — big-ip_advanced_firewall_manager | On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. | 2020-12-11 | 5 | CVE-2020-5950 MISC CONFIRM |
| fasterxml — jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | 2020-12-17 | 6.8 | CVE-2020-35490 MISC MISC |
| fasterxml — jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | 2020-12-17 | 6.8 | CVE-2020-35491 MISC MISC |
| fleetdm — fleet | Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go’s standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP. Users that configure Fleet with SSO login may be vulnerable to this issue. This issue is patched in 3.5.1. The fix was made using https://github.com/mattermost/xml-roundtrip-validator If upgrade to 3.5.1 is not possible, users should disable SSO authentication in Fleet. | 2020-12-17 | 6.8 | CVE-2020-26276 MISC MISC CONFIRM MISC MISC |
| flexmonster — pivot_table_&_charts | Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. | 2020-12-17 | 4.3 | CVE-2020-20140 MISC |
| flexmonster — pivot_table_&_charts | Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. | 2020-12-17 | 4.3 | CVE-2020-20139 MISC |
| flexmonster — pivot_table_&_charts | Cross Site Scripting (XSS) vulnerability in the “To Remote CSV” component under “Open” Menu in Flexmonster Pivot Table & Charts 2.7.17. | 2020-12-17 | 4.3 | CVE-2020-20142 MISC |
| flexmonster — pivot_table_&_charts | Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. | 2020-12-17 | 4.3 | CVE-2020-20141 MISC |
| fnet_project — fnet | An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn’t have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service. | 2020-12-11 | 5 | CVE-2020-17469 CONFIRM MISC MISC |
| fnet_project — fnet | An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks. | 2020-12-11 | 5 | CVE-2020-17470 CONFIRM MISC MISC |
| fnet_project — fnet | An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn’t check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service. | 2020-12-11 | 5 | CVE-2020-17468 CONFIRM MISC MISC |
| fnet_project — fnet | An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn’t check for proper ‘�’ termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service. | 2020-12-11 | 6.4 | CVE-2020-24383 MISC MISC |
| fnet_project — fnet | An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn’t check for ‘�’ termination. Therefore, the deduced length of the hostname doesn’t reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN. | 2020-12-11 | 6.4 | CVE-2020-17467 CONFIRM MISC MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service). | 2020-12-15 | 4.3 | CVE-2020-28203 MISC |
| frappe — frappe | Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API. | 2020-12-11 | 5 | CVE-2020-35175 MISC MISC |
| frappe — frappe | In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. | 2020-12-11 | 5 | CVE-2020-27508 MISC MISC |
| gallagher — command_centre | Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. | 2020-12-14 | 6.5 | CVE-2020-16103 MISC |
| gallagher — command_centre | Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. | 2020-12-14 | 6.4 | CVE-2020-16102 MISC |
| gallagher — command_centre | SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with ‘Edit Enterprise Data Interfaces’ privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. | 2020-12-14 | 6.5 | CVE-2020-16104 MISC |
| gehealthcare — 3.0t_signa_hdxt_firmware | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | 2020-12-14 | 5 | CVE-2020-25175 MISC |
| gitlab — gitlab | Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | 2020-12-11 | 4 | CVE-2020-26415 CONFIRM MISC |
| gitlab — gitlab | Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | 2020-12-11 | 4 | CVE-2020-26412 CONFIRM MISC |
| gitlab — gitlab | Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7. | 2020-12-11 | 5 | CVE-2020-26417 CONFIRM MISC |
| gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. | 2020-12-11 | 5 | CVE-2020-26413 CONFIRM MISC MISC |
| gitlab — gitlab | A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user’s private profile | 2020-12-11 | 5 | CVE-2020-26408 CONFIRM MISC MISC |
| gitlab — gitlab | A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused. | 2020-12-11 | 4 | CVE-2020-26411 CONFIRM MISC |
| gitlab — gitlab | A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | 2020-12-11 | 4 | CVE-2020-26409 CONFIRM MISC MISC |
| gitlab — gitlab | An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | 2020-12-11 | 4 | CVE-2020-13357 CONFIRM MISC MISC |
| gjson_project — gjson | GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. | 2020-12-15 | 5 | CVE-2020-35380 MISC |
| gnome — glib | ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor’s position is “Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries().” The researcher states that this pattern is undocumented. | 2020-12-14 | 4.6 | CVE-2020-35457 MISC MISC MISC |
| google — android | In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496 | 2020-12-15 | 4.6 | CVE-2020-0484 MISC |
| google — android | In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116 | 2020-12-15 | 4.6 | CVE-2020-0486 MISC |
| google — android | In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240 | 2020-12-15 | 4.4 | CVE-2020-0474 MISC |
| google — android | In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150612638 | 2020-12-15 | 4.6 | CVE-2020-27030 MISC |
| google — android | In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731369 | 2020-12-15 | 4.6 | CVE-2020-27036 MISC |
| google — android | In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166125765 | 2020-12-15 | 4.6 | CVE-2020-0485 MISC |
| google — android | In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158833495 | 2020-12-15 | 4.6 | CVE-2020-27052 MISC |
| google — android | In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157066561 | 2020-12-15 | 4.6 | CVE-2020-27044 MISC |
| google — android | In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159061926 | 2020-12-15 | 4.6 | CVE-2020-27054 MISC |
| google — android | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732 | 2020-12-15 | 5 | CVE-2020-27024 MISC |
| google — android | An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). | 2020-12-18 | 5 | CVE-2020-35552 MISC |
| google — android | In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155647761 | 2020-12-15 | 4.6 | CVE-2020-0483 MISC |
| google — android | In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318 | 2020-12-15 | 4.6 | CVE-2020-27066 MISC |
| google — android | In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161378819 | 2020-12-15 | 5 | CVE-2020-27055 MISC |
| google — android | In BitstreamFillCache of bitstream.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264 | 2020-12-15 | 4.3 | CVE-2020-0492 MISC |
| google — android | In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 | 2020-12-15 | 4.4 | CVE-2020-27067 MISC |
| google — android | In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151096540 | 2020-12-15 | 6.8 | CVE-2020-0489 MISC |
| google — android | In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320716 | 2020-12-15 | 6.8 | CVE-2020-0480 MISC |
| google — android | In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650117 | 2020-12-15 | 6.8 | CVE-2020-27048 MISC |
| google — android | In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649467 | 2020-12-15 | 6.8 | CVE-2020-27049 MISC |
| google — android | In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650365 | 2020-12-15 | 6.8 | CVE-2020-27050 MISC |
| google — android | In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650338 | 2020-12-15 | 6.8 | CVE-2020-27051 MISC |
| google — android | In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157294893 | 2020-12-15 | 6.8 | CVE-2020-0479 MISC |
| google — android | In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649298 | 2020-12-15 | 4.3 | CVE-2020-27047 MISC |
| google — android | In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257 | 2020-12-15 | 4.3 | CVE-2020-27038 MISC |
| google — android | In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875 | 2020-12-15 | 4.3 | CVE-2020-27029 MISC |
| google — android | During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-79776455 | 2020-12-15 | 4.3 | CVE-2020-27026 MISC |
| google — android | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 | 2020-12-15 | 4.3 | CVE-2020-0499 MISC |
| google — android | In decode_packed_entry_number of codebook.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160633884 | 2020-12-15 | 4.3 | CVE-2020-0498 MISC |
| google — android | In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-163413737 | 2020-12-14 | 5 | CVE-2020-0460 MISC |
| google — android | In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531 | 2020-12-14 | 5 | CVE-2020-0463 MISC |
| google — android | In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152895390 | 2020-12-15 | 4.3 | CVE-2020-0494 MISC |
| google — android | In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150780418 | 2020-12-15 | 6.8 | CVE-2020-0478 MISC |
| google — android | In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156819528 | 2020-12-15 | 4.3 | CVE-2020-0491 MISC |
| google — android | In floor1_info_unpack of floor1.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155560008 | 2020-12-15 | 4.3 | CVE-2020-0490 MISC |
| google — android | In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516 | 2020-12-15 | 4.3 | CVE-2020-0488 MISC |
| google — android | In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162324374 | 2020-12-15 | 6.8 | CVE-2020-0475 MISC |
| google — android | In read_metadata_vorbiscomment_ of stream_decoder.c, there is possible memory exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124775381 | 2020-12-15 | 4.3 | CVE-2020-0487 MISC |
| google — android | In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-166268541 | 2020-12-14 | 4.3 | CVE-2020-0470 MISC |
| google — android | In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no clear exfiltration path, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145262423 | 2020-12-15 | 4.3 | CVE-2020-0244 MISC |
| google — android | In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649398 | 2020-12-15 | 6.8 | CVE-2020-27045 MISC |
| google — asylo | An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library. | 2020-12-15 | 4.6 | CVE-2020-8935 CONFIRM |
| haxx — curl | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | 2020-12-14 | 5 | CVE-2020-8285 MISC MISC MISC MLIST FEDORA FEDORA |
| haxx — curl | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | 2020-12-14 | 5 | CVE-2020-8169 MISC MISC |
| haxx — curl | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | 2020-12-14 | 5 | CVE-2020-8286 MISC MISC MLIST FEDORA FEDORA |
| haxx — curl | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 2020-12-14 | 4.3 | CVE-2020-8284 MISC MISC MLIST FEDORA FEDORA |
| haxx — curl | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | 2020-12-14 | 4.6 | CVE-2020-8177 MISC MISC |
| haxx — libcurl | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | 2020-12-14 | 5 | CVE-2020-8231 MISC MISC |
| i18n_project — i18n | This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs. | 2020-12-11 | 5 | CVE-2020-7791 MISC MISC MISC |
| ibm — financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. | 2020-12-16 | 5 | CVE-2020-4908 XF CONFIRM |
| ibm — financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2020-12-16 | 5 | CVE-2020-4907 XF CONFIRM |
| ibm — financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information. | 2020-12-16 | 4.3 | CVE-2020-4905 XF CONFIRM |
| ibm — financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2020-12-16 | 4.3 | CVE-2020-4904 XF CONFIRM |
| ibm — security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. | 2020-12-17 | 4 | CVE-2020-4846 XF CONFIRM |
| ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. | 2020-12-16 | 4.3 | CVE-2020-4657 XF CONFIRM |
| ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. | 2020-12-16 | 4.3 | CVE-2020-4658 XF CONFIRM |
| ibm — tivoli_netcool/impact | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 190294. | 2020-12-15 | 5.8 | CVE-2020-4849 XF CONFIRM |
| icinga — icinga | Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. | 2020-12-15 | 6.4 | CVE-2020-29663 MISC MISC |
| igniterealtime — openfire | Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. | 2020-12-12 | 4.3 | CVE-2020-35200 MISC |
| ini_project — ini | This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | 2020-12-11 | 6.8 | CVE-2020-7788 MISC MISC |
| irfanview — irfanview | irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60. | 2020-12-16 | 5 | CVE-2020-35133 MISC MISC |
| jasper_project — jasper | There’s a flaw in jasper’s jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | 2020-12-11 | 6.8 | CVE-2020-27828 MISC MISC FEDORA FEDORA |
| keysight — database_connector | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | 2020-12-15 | 6.8 | CVE-2020-35121 MISC |
| keysight — keysight_database_connector | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | 2020-12-15 | 4 | CVE-2020-35122 MISC |
| linux — linux_kernel | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. | 2020-12-11 | 5.4 | CVE-2020-27825 MISC |
| linuxfoundation — spinnaker | Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests. | 2020-12-11 | 6.5 | CVE-2020-9301 CONFIRM |
| mediawiki — mediawiki | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later. | 2020-12-18 | 4.3 | CVE-2020-35479 MISC MISC DEBIAN |
| mediawiki — mediawiki | In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. | 2020-12-18 | 4.3 | CVE-2020-35474 MISC MISC |
| mediawiki — mediawiki | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later. | 2020-12-18 | 4.3 | CVE-2020-35478 MISC MISC |
| medtronic — mycarelink_smart_model_25000_firmware | Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth to the patient’s Smart Reader, fools the device into thinking its communicating with the actual smart phone application when executed in range of Bluetooth. | 2020-12-14 | 5.8 | CVE-2020-25183 MISC |
| microfocus — filr | Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | 2020-12-11 | 4 | CVE-2020-25838 CONFIRM |
| mitel — micollab | The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. | 2020-12-18 | 6.5 | CVE-2020-25608 MISC |
| mitel — micollab | The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. | 2020-12-18 | 5 | CVE-2020-25610 MISC |
| mitel — micollab | The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. | 2020-12-18 | 4 | CVE-2020-25612 MISC |
| mitel — micollab | The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information. | 2020-12-18 | 4.3 | CVE-2020-25611 MISC |
| mitel — micollab | The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. | 2020-12-18 | 4.3 | CVE-2020-25606 MISC |
| mpxj — mpxj | common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | 2020-12-14 | 5 | CVE-2020-35460 MISC MISC |
| mquery_project — mquery | lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. | 2020-12-11 | 5 | CVE-2020-35149 MISC |
| necplatforms — aterm_sa3500g_firmware | Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | 2020-12-14 | 5.8 | CVE-2020-5635 MISC MISC MISC |
| necplatforms — aterm_sa3500g_firmware | Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | 2020-12-14 | 5.2 | CVE-2020-5636 MISC MISC MISC |
| necplatforms — aterm_sa3500g_firmware | Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program. | 2020-12-14 | 5.2 | CVE-2020-5637 MISC MISC MISC |
| node-notifier_project — node-notifier | This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array. | 2020-12-11 | 6.8 | CVE-2020-7789 MISC MISC MISC |
| openasset — digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks. | 2020-12-14 | 4.3 | CVE-2020-28859 MISC MISC |
| openasset — digital_asset_management | OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application. | 2020-12-14 | 5 | CVE-2020-28861 MISC MISC FULLDISC MISC |
| openasset — digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request’s originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. | 2020-12-14 | 5 | CVE-2020-28856 MISC MISC FULLDISC MISC |
| openasset — digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. | 2020-12-14 | 4.3 | CVE-2020-28857 MISC MISC FULLDISC MISC |
| openasset — digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions. | 2020-12-14 | 6.8 | CVE-2020-28858 MISC MISC FULLDISC MISC |
| openasset — digital_asset_management | OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. | 2020-12-14 | 6.5 | CVE-2020-28860 MISC MISC FULLDISC MISC |
| opener_project — opener | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | 2020-12-11 | 5 | CVE-2020-13530 CONFIRM |
| p11-kit_project — p11-kit | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. | 2020-12-16 | 5 | CVE-2020-29361 MISC MISC |
| pega — pega_platform | Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | 2020-12-15 | 4.3 | CVE-2020-23957 MISC |
| pixar — openusd | An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | 2020-12-11 | 6.8 | CVE-2020-13520 MISC |
| pluck-cms — pluck | A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the “manage files” functionality, which may result in remote code execution. | 2020-12-16 | 6.5 | CVE-2020-29607 MISC |
| polarisoffice — polaris_ml_report | An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub_41EAF0 at MLReportDeamon.exe. The function will call vsprintf without checking the length of strings in parameters given by attacker. And it finally leads to a stack-based buffer overflow via access to crafted web page. This issue affects: Infraware ML Report 2.19.312.0000. | 2020-12-16 | 6.8 | CVE-2020-7837 MISC |
| redhat — keycloak | A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same “state” parameter. This flaw allows a malicious user to perform replay attacks. | 2020-12-15 | 4 | CVE-2020-14302 MISC |
| redhat — keycloak | A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. | 2020-12-15 | 5 | CVE-2020-10770 MISC |
| s-cart — s-cart | The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel. | 2020-12-15 | 4.3 | CVE-2020-28456 MISC MISC MISC MISC |
| schneider-electric — bmep584040_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller. | 2020-12-11 | 5 | CVE-2020-7537 CONFIRM |
| schneider-electric — bmep584040_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller. | 2020-12-11 | 5 | CVE-2020-7543 CONFIRM |
| schneider-electric — bmep584040_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller. | 2020-12-11 | 5 | CVE-2020-7542 CONFIRM |
| schneider-electric — bmxp341000_firmware | A CWE-425: Direct Request (‘Forced Browsing’) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP. | 2020-12-11 | 5 | CVE-2020-7541 CONFIRM |
| schneider-electric — bmxp341000_firmware | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP. | 2020-12-11 | 5 | CVE-2020-7539 CONFIRM |
| schneider-electric — bmxp341000_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. | 2020-12-11 | 5 | CVE-2020-7549 CONFIRM |
| schneider-electric — bmxp341000_firmware | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’ Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | 2020-12-11 | 5 | CVE-2020-7535 CONFIRM |
| schneider-electric — easergy_t300_firmware | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | 2020-12-11 | 5 | CVE-2020-28216 MISC CONFIRM |
| schneider-electric — easergy_t300_firmware | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | 2020-12-11 | 5 | CVE-2020-28217 MISC CONFIRM |
| schneider-electric — easergy_t300_firmware | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | 2020-12-11 | 4.3 | CVE-2020-28218 MISC CONFIRM |
| schneider-electric — ecostruxure_control_expert | A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software. | 2020-12-11 | 6.8 | CVE-2020-7560 CONFIRM |
| schneider-electric — modicon_m258_firmware | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. | 2020-12-11 | 5.2 | CVE-2020-28220 CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device. | 2020-12-14 | 5 | CVE-2020-25229 CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. | 2020-12-14 | 5 | CVE-2020-25230 CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. | 2020-12-14 | 5 | CVE-2020-25232 CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins. | 2020-12-14 | 5 | CVE-2020-25235 CONFIRM |
| siemens — sicam_a8000_cp-8000_firmware | A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. | 2020-12-14 | 4.9 | CVE-2020-28396 CONFIRM |
| siemens — simatic_et_200sp_open_controller_firmware | A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request. | 2020-12-14 | 5 | CVE-2020-15796 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. | 2020-12-14 | 6.8 | CVE-2019-19289 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication. | 2020-12-14 | 4 | CVE-2019-19287 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. | 2020-12-14 | 6.5 | CVE-2019-19286 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The application’s web server could expose non-sensitive information about the server’s architecture. This could allow an attacker to adapt further attacks to the version in place. | 2020-12-14 | 5 | CVE-2019-19283 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. | 2020-12-14 | 4.3 | CVE-2019-19288 CONFIRM |
| smartystreets — liveaddressplugin.js | A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country). | 2020-12-11 | 4.3 | CVE-2020-29455 MISC MISC MISC |
| solarwinds — n-central | An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF. | 2020-12-16 | 6.8 | CVE-2020-25622 MISC MISC MISC |
| sonatype — nexus_repository_manager | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0. | 2020-12-17 | 5.5 | CVE-2020-29436 CONFIRM |
| spatie — browsershot | This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF. | 2020-12-11 | 5 | CVE-2020-7790 MISC MISC |
| stivasoft — phpjabbers_appointment_scheduler | Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML. | 2020-12-15 | 4.3 | CVE-2020-35416 MISC MISC MISC |
| themexa — secure_file_manager | ** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-12-14 | 6.5 | CVE-2020-35235 MISC MISC |
| tibco — partnerexpress | The REST API component of TIBCO Software Inc.’s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: version 6.2.0. | 2020-12-15 | 6.4 | CVE-2020-27147 CONFIRM CONFIRM |
| tiki — tikiwiki_cms/groupware | TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited. | 2020-12-11 | 6.8 | CVE-2020-29254 MISC MISC MISC |
| ua-parser-js_project — ua-parser-js | The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | 2020-12-11 | 5 | CVE-2020-7793 MISC MISC MISC MISC |
| ui — edgemax_edgepower_24v_firmware | A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | 2020-12-14 | 6.8 | CVE-2020-8282 MISC |
| uip_project — uip | An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. | 2020-12-11 | 6.4 | CVE-2020-17437 MISC MISC |
| uip_project — uip | The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c. | 2020-12-11 | 6.4 | CVE-2020-24334 MISC MISC |
| uip_project — uip | An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have ‘�’ termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c. | 2020-12-11 | 5 | CVE-2020-17440 MISC MISC |
| weseek — growi | Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file. | 2020-12-16 | 5 | CVE-2020-5683 MISC MISC MISC |
| weseek — growi | Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors. | 2020-12-16 | 5 | CVE-2020-5682 MISC MISC MISC |
| westerndigital — dashboard | Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | 2020-12-12 | 6.9 | CVE-2020-29654 CONFIRM |
| wireshark — wireshark | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 2020-12-11 | 5 | CVE-2020-26421 CONFIRM MISC MISC |
| wireshark — wireshark | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 2020-12-11 | 5 | CVE-2020-26418 CONFIRM MISC MISC |
| wireshark — wireshark | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 2020-12-11 | 5 | CVE-2020-26420 CONFIRM MISC MISC |
| wireshark — wireshark | Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. | 2020-12-11 | 5 | CVE-2020-26419 CONFIRM MISC MISC |
| wp-ecommerce — easy_wp_smtp | The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. | 2020-12-14 | 5 | CVE-2020-35234 MISC MISC |
| x.org — x_server | A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-12-15 | 4.6 | CVE-2020-25712 MISC MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn’t protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable. | 2020-12-15 | 4.9 | CVE-2020-29571 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. | 2020-12-15 | 4.9 | CVE-2020-29570 MLIST DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. | 2020-12-15 | 4.9 | CVE-2020-29568 MISC |
| xen — xen | An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. Systems using the C Xenstored implementation are not vulnerable. | 2020-12-15 | 4.9 | CVE-2020-29485 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected. | 2020-12-15 | 4.9 | CVE-2020-29484 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable. | 2020-12-15 | 4.6 | CVE-2020-29481 MLIST DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests’ namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are too long for management tools to access. Depending on the toolstack in use, a malicious guest administrator might cause some management tools and debugging operations to fail. For example, a guest administrator can cause “xenstore-ls -r” to fail. However, a guest administrator cannot prevent the host administrator from tearing down the domain. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. | 2020-12-15 | 4.9 | CVE-2020-29482 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored’s internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest’s memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS. | 2020-12-15 | 4.9 | CVE-2020-29483 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability. | 2020-12-15 | 4.9 | CVE-2020-29566 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. | 2020-12-15 | 4.9 | CVE-2020-29486 DEBIAN MISC |
| xen — xen | An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability. | 2020-12-15 | 4.9 | CVE-2020-29567 MISC |
| xstream_project — xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream’s Security Framework with a whitelist! Anyone relying on XStream’s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. | 2020-12-16 | 5 | CVE-2020-26258 CONFIRM MLIST MISC |
| xstream_project — xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream’s Security Framework with a whitelist! Anyone relying on XStream’s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. | 2020-12-16 | 6.4 | CVE-2020-26259 CONFIRM MLIST MISC |
| zyxel — p1302-t10_v3_firmware | Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. | 2020-12-14 | 5 | CVE-2020-20183 CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user’s input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user’s browser if the victim opens or searches for a node whose “Display Name” contains an XSS payload. | 2020-12-16 | 3.5 | CVE-2019-14478 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted. | 2020-12-16 | 2.1 | CVE-2019-14477 MISC MISC |
| epson — eps_tse_server_8_firmware | A Cross-Site Scripting (XSS) issue in the ‘update user’ and ‘delete user’ functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. | 2020-12-16 | 3.5 | CVE-2020-28930 MISC |
| ethereum — go_ethereum | Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made — all users are recommended to upgrade to a newer version. | 2020-12-11 | 3.5 | CVE-2020-26265 MISC CONFIRM |
| gitlab — gitlab | Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | 2020-12-11 | 2.1 | CVE-2020-26416 CONFIRM MISC |
| google — android | In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424 | 2020-12-15 | 1.9 | CVE-2020-0280 MISC |
| google — android | In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649306 | 2020-12-15 | 2.1 | CVE-2020-27046 MISC |
| google — android | In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi network name with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159371448 | 2020-12-15 | 2.1 | CVE-2020-27053 MISC |
| google — android | In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161356067 | 2020-12-15 | 2.1 | CVE-2020-27056 MISC |
| google — android | In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-119770583 | 2020-12-15 | 2.1 | CVE-2020-27068 MISC |
| google — android | In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161903239 | 2020-12-15 | 2.1 | CVE-2020-27057 MISC |
| google — android | In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913391 | 2020-12-15 | 2.1 | CVE-2020-0500 MISC |
| google — android | In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661 | 2020-12-15 | 2.1 | CVE-2020-0497 MISC |
| google — android | In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-149481220 | 2020-12-15 | 2.1 | CVE-2020-0496 MISC |
| google — android | In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155473137 | 2020-12-15 | 2.1 | CVE-2020-0495 MISC |
| google — android | In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150615407 | 2020-12-15 | 2.1 | CVE-2020-0493 MISC |
| google — android | In nfc_enabled of nfc_main.cc, there is a possible out of bounds read due to an incorrect increment. This could lead to local information disclosure via firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155234594 | 2020-12-15 | 2.1 | CVE-2020-27043 MISC |
| google — android | In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156009462 | 2020-12-15 | 2.1 | CVE-2020-27023 MISC |
| google — android | In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245 | 2020-12-15 | 2.1 | CVE-2020-27021 MISC |
| google — android | In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn’t have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157472962 | 2020-12-15 | 2.1 | CVE-2020-0481 MISC |
| google — android | In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156008365 | 2020-12-15 | 2.1 | CVE-2020-27025 MISC |
| google — android | In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122358602 | 2020-12-15 | 2.1 | CVE-2020-27027 MISC |
| google — android | In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141618611 | 2020-12-15 | 2.1 | CVE-2020-27028 MISC |
| google — android | In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151313205 | 2020-12-15 | 2.1 | CVE-2020-27031 MISC |
| google — android | In getRadioAccessFamily of PhoneInterfaceManager.java, there is a possible read of privileged data due to a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857259 | 2020-12-15 | 2.1 | CVE-2020-27032 MISC |
| google — android | In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153655153 | 2020-12-15 | 2.1 | CVE-2020-27033 MISC |
| google — android | In createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153556754 | 2020-12-15 | 2.1 | CVE-2020-27034 MISC |
| google — android | In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 | 2020-12-15 | 2.1 | CVE-2020-27035 MISC |
| google — android | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731335 | 2020-12-15 | 2.1 | CVE-2020-27037 MISC |
| google — android | In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878498 | 2020-12-15 | 2.1 | CVE-2020-27039 MISC |
| google — android | In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572 | 2020-12-15 | 2.1 | CVE-2020-0482 MISC |
| google — android | In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574 | 2020-12-15 | 2.1 | CVE-2020-0476 MISC |
| google — android | In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414 | 2020-12-15 | 2.1 | CVE-2020-0477 MISC |
| google — android | In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687 | 2020-12-14 | 2.1 | CVE-2020-0459 MISC |
| google — android | In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154928507 | 2020-12-15 | 2.1 | CVE-2020-27041 MISC |
| google — android | In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798 | 2020-12-14 | 2.1 | CVE-2020-0019 MISC |
| google — android | In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143230980 | 2020-12-15 | 2.1 | CVE-2020-0368 MISC |
| google — android | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731880 | 2020-12-15 | 2.1 | CVE-2020-27040 MISC |
| google — android | In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903 | 2020-12-14 | 2.1 | CVE-2020-0464 MISC |
| google — android | In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422 | 2020-12-14 | 2.1 | CVE-2020-0468 MISC |
| google — android | In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168692734 | 2020-12-14 | 2.1 | CVE-2020-0469 MISC |
| google — android | In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486 | 2020-12-15 | 2.1 | CVE-2020-0473 MISC |
| google — android | In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-168500792 | 2020-12-14 | 2.1 | CVE-2020-0467 MISC |
| google — asylo | An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02 | 2020-12-15 | 2.1 | CVE-2020-8938 CONFIRM |
| google — asylo | An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a | 2020-12-15 | 2.1 | CVE-2020-8944 CONFIRM |
| google — asylo | An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f | 2020-12-15 | 2.1 | CVE-2020-8943 CONFIRM |
| google — asylo | An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit b1d120a2c7d7446d2cc58d517e20a1b184b82200 | 2020-12-15 | 2.1 | CVE-2020-8942 CONFIRM |
| google — asylo | An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec | 2020-12-15 | 2.1 | CVE-2020-8941 CONFIRM |
| google — asylo | An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading or past commit fa6485c5d16a7355eab047d4a44345a73bc9131e | 2020-12-15 | 2.1 | CVE-2020-8940 CONFIRM |
| google — asylo | An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4 | 2020-12-15 | 2.1 | CVE-2020-8939 CONFIRM |
| google — asylo | An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave. | 2020-12-15 | 2.1 | CVE-2020-8936 CONFIRM |
| google — asylo | An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02 | 2020-12-15 | 2.1 | CVE-2020-8937 CONFIRM |
| ibm — financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | 2020-12-16 | 2.1 | CVE-2020-4906 XF CONFIRM |
| ibm — security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289. | 2020-12-17 | 3.5 | CVE-2020-4845 XF CONFIRM |
| igniterealtime — openfire | Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. | 2020-12-12 | 3.5 | CVE-2020-35201 MISC |
| igniterealtime — openfire | Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. | 2020-12-12 | 3.5 | CVE-2020-35199 MISC |
| igniterealtime — openfire | Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. | 2020-12-12 | 3.5 | CVE-2020-35202 MISC |
| linuxfoundation — osquery | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite’s ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This _does_ allow arbitrary files to be created, but they will be sqlite databases. It does not appear to allow existing non-sqlite files to be overwritten. This has been patched in osquery 4.6.0. There are several mitigating factors and possible workarounds. In some deployments, the people with access to these interfaces may be considered administrators. In some deployments, configuration is managed by a central tool. This tool can filter for the `ATTACH` keyword. osquery can be run as non-root user. Because this also limits the desired access levels, this requires deployment specific testing and configuration. | 2020-12-16 | 3.6 | CVE-2020-26273 MISC MISC CONFIRM MISC |
| logmein — lastpass | ** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices. | 2020-12-12 | 3.3 | CVE-2020-35208 MISC MISC |
| logmein — lastpass | ** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary PIN. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices. | 2020-12-12 | 3.3 | CVE-2020-35207 MISC MISC |
| mitel — micollab | The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data. | 2020-12-18 | 3.5 | CVE-2020-25609 MISC |
| mitel — micontact_center_business | The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. | 2020-12-18 | 2.1 | CVE-2020-24693 MISC |
| mitsubishielectric — melsec_iq-f_fx5u_cpu_firmware | Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet. | 2020-12-14 | 3.3 | CVE-2020-5665 MISC MISC MISC MISC |
| nzxt — cam | An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | 2.1 | CVE-2020-13511 MISC |
| nzxt — cam | An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | 2.1 | CVE-2020-13518 MISC |
| nzxt — cam | An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | 2.1 | CVE-2020-13517 MISC |
| nzxt — cam | An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | 2.1 | CVE-2020-13516 MISC |
| nzxt — cam | An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | 2.1 | CVE-2020-13510 MISC |
| nzxt — cam | An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) Using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data. | 2020-12-18 | 2.1 | CVE-2020-13509 MISC |
| opencart — opencart | Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart. | 2020-12-11 | 3.5 | CVE-2020-28838 MISC MISC |
| phpldapadmin_project — phpldapadmin | An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. | 2020-12-11 | 3.5 | CVE-2020-35132 MISC MISC MISC MISC FEDORA FEDORA |
| s-cart — s-cart | This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. | 2020-12-15 | 3.5 | CVE-2020-28457 MISC MISC MISC MISC |
| schneider-electric — ecostruxure_geo_scada_expert_2019 | A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. | 2020-12-11 | 2.1 | CVE-2020-28219 CONFIRM |
| schneider-electric — modicon_m221_firmware | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide. | 2020-12-11 | 2.1 | CVE-2020-28214 MISC CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. | 2020-12-14 | 2.1 | CVE-2020-25233 CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files. | 2020-12-14 | 3.6 | CVE-2020-25234 CONFIRM |
| siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files. | 2020-12-14 | 2.1 | CVE-2020-25231 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link. | 2020-12-14 | 3.5 | CVE-2019-19285 CONFIRM |
| siemens — xhq | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. | 2020-12-14 | 3.5 | CVE-2019-19284 CONFIRM |
| solarwinds — database_performance_analyzer | SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. | 2020-12-15 | 3.5 | CVE-2018-16243 MISC |
| solarwinds — webhelpdesk | SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | 2020-12-18 | 3.5 | CVE-2019-16957 MISC MISC MISC |
| solarwinds — webhelpdesk | SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | 2020-12-18 | 3.5 | CVE-2019-16955 MISC MISC MISC |
| typesettercms — typesetter | ** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because “admins are considered trustworthy.” | 2020-12-11 | 3.5 | CVE-2020-35126 MISC |
| xen — xen | An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests’ devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data. | 2020-12-15 | 2.1 | CVE-2020-29480 DEBIAN MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — dolphinscheduler |
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. | 2020-12-18 | not yet calculated | CVE-2020-11974 MISC |
| apache — pulsar_manager |
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager’s admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. | 2020-12-18 | not yet calculated | CVE-2020-17520 MISC |
| apache — tomee |
If Apache TomEE 8.0.0-M1 – 8.0.3, 7.1.0 – 7.1.3, 7.0.0-M1 – 7.0.8, 1.0.0 – 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case. | 2020-12-18 | not yet calculated | CVE-2020-13931 MISC |
| bitdefender — hypervisor_introspection |
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2. | 2020-12-17 | not yet calculated | CVE-2020-15294 MISC |
| bitdefender — hypervisor_introspection |
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | 2020-12-17 | not yet calculated | CVE-2020-15293 MISC |
| bitdefender — hypervisor_introspection |
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | 2020-12-17 | not yet calculated | CVE-2020-15292 MISC |
| ceph — ceph |
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even “admin” users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0. | 2020-12-18 | not yet calculated | CVE-2020-27781 MISC |
| debian — bounty_castle_bc |
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | 2020-12-18 | not yet calculated | CVE-2020-28052 MISC MISC MISC |
| dell — emc_idrac9 |
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | 2020-12-16 | not yet calculated | CVE-2020-26198 MISC |
| golang — go |
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | 2020-12-17 | not yet calculated | CVE-2020-29652 MISC MISC |
| hashicorp — vault_enterprise |
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. | 2020-12-17 | not yet calculated | CVE-2020-35453 CONFIRM CONFIRM |
| hashicorp — vault_enterprise |
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. | 2020-12-17 | not yet calculated | CVE-2020-35177 CONFIRM CONFIRM |
| hcl — bigfix_inventory |
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 2020-12-16 | not yet calculated | CVE-2020-14248 MISC |
| hcl — bigfix_inventory |
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. | 2020-12-16 | not yet calculated | CVE-2020-14254 MISC |
| hcl — inotes |
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials. | 2020-12-18 | not yet calculated | CVE-2020-14271 MISC |
| hcl — notes |
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user. | 2020-12-18 | not yet calculated | CVE-2020-14224 MISC |
| hcl — notes |
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | 2020-12-18 | not yet calculated | CVE-2020-14232 MISC |
| hcl — verse |
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials. | 2020-12-18 | not yet calculated | CVE-2020-4080 MISC |
| hewlett_packard — ilo_amplifier_pack_server |
A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. | 2020-12-18 | not yet calculated | CVE-2020-7203 MISC |
| hewlett_packard — storeever_msl2024_tape_library_and_storeever_1/8_g2_tape_autoloaders |
A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF). | 2020-12-18 | not yet calculated | CVE-2020-7201 MISC |
| hewlett_packard — systems_insight_manager |
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. | 2020-12-18 | not yet calculated | CVE-2020-7200 MISC |
| ibm — planning_analytics |
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. | 2020-12-18 | not yet calculated | CVE-2020-4764 XF CONFIRM |
| kepware — linkmaster |
A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | 2020-12-18 | not yet calculated | CVE-2020-13535 MISC |
| kyland — kps2204_6_port_managed_din-rail_programmable_serial_device_servers |
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. | 2020-12-17 | not yet calculated | CVE-2020-25010 MISC MISC |
| kyland — kps2204_6_port_managed_din-rail_programmable_serial_device_servers |
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser. | 2020-12-17 | not yet calculated | CVE-2020-25011 MISC MISC |
| lantronix — xport_edge |
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13527 MISC |
| lantronix — xport_edge |
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13528 MISC |
| lg — multiple_mobile_devices |
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020). | 2020-12-18 | not yet calculated | CVE-2020-35555 MISC |
| lg — multiple_mobile_devices |
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020). | 2020-12-18 | not yet calculated | CVE-2020-35554 MISC |
| linux — linux_kernel |
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. | 2020-12-15 | not yet calculated | CVE-2020-27777 MISC MISC MISC MISC |
| linux — linux_kernel |
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn’t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. | 2020-12-18 | not yet calculated | CVE-2020-27780 MISC |
| logrhythm — platform_manager |
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application server, which will forward requests to any configured back-end server, regardless of whether the user’s access rights should permit this. As a result, even the most low-privileged user can interact with any back-end component that has a LogRhythm agent installed. | 2020-12-17 | not yet calculated | CVE-2020-25096 MISC |
| logrhythm — platform_manager |
LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable PM server. Once the socket is created, the malicious site can interact with the vulnerable web server in the context of the logged-in user. This can include WebSocket payloads that result in command execution. | 2020-12-17 | not yet calculated | CVE-2020-25095 MISC |
| logrhythm — platform_manager |
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges. | 2020-12-17 | not yet calculated | CVE-2020-25094 MISC |
| magic_home — magic_home_pro |
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user. | 2020-12-17 | not yet calculated | CVE-2020-27199 MISC |
| marvell — qconvergeconsole_gui |
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | 2020-12-18 | not yet calculated | CVE-2020-5803 MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don’t exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. | 2020-12-18 | not yet calculated | CVE-2020-35480 MISC MISC DEBIAN |
| mediawiki — mediawiki |
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | 2020-12-18 | not yet calculated | CVE-2020-35475 MISC MISC DEBIAN |
| mediawiki — mediawiki |
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the “Change visibility of selected log entries” checkbox (or a tags checkbox) next to it, there is a redirection to the main page’s action=historysubmit (instead of the desired behavior in which a revision-deletion form appears). | 2020-12-18 | not yet calculated | CVE-2020-35477 MISC MISC DEBIAN |
| mitel — businesscti_enterprise_client |
The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data. | 2020-12-18 | not yet calculated | CVE-2020-27154 MISC |
| mitel — micollab |
The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control. | 2020-12-18 | not yet calculated | CVE-2020-27340 MISC |
| mitel — mivoice_and_minet_phones |
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | 2020-12-18 | not yet calculated | CVE-2020-27640 MISC |
| mitel — mivoice_sip_phones |
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | 2020-12-18 | not yet calculated | CVE-2020-27639 MISC |
| nzxt — nzxt_cam |
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13519 MISC |
| nzxt — nzxt_cam |
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13512 MISC |
| nzxt — nzxt_cam |
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13513 MISC |
| nzxt — nzxt_cam |
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13514 MISC |
| nzxt — nzxt_cam |
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | 2020-12-18 | not yet calculated | CVE-2020-13515 MISC |
| open_zaak — open_zaak |
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open – every client is allowed. This allows evil.com to run scripts that perform AJAX calls to known Open Zaak installations, and the browser will not block these. This was intended to only apply to development machines running on localhost/127.0.0.1. Open Zaak 1.3.3 disables CORS by default, while it can be opted-in through environment variables. The vulnerability does not actually seem exploitable because: a) The session cookie has a `Same-Site: Lax` policy which prevents it from being sent along in Cross-Origin requests. b) All pages that give access to (production) data are login-protected c) `Access-Control-Allow-Credentials` is set to `false` d) CSRF checks probably block the remote origin, since they’re not explicitly added to the trusted allowlist. | 2020-12-18 | not yet calculated | CVE-2020-26251 MISC MISC CONFIRM |
| openslides — openslides |
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020). | 2020-12-18 | not yet calculated | CVE-2020-26280 MISC MISC MISC CONFIRM MISC |
| p11-kit — p11-kit |
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. | 2020-12-16 | not yet calculated | CVE-2020-29362 MISC MISC |
| p11-kit — p11-kit |
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. | 2020-12-16 | not yet calculated | CVE-2020-29363 MISC MISC |
| phoenix_contact — mguard_devices |
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource | 2020-12-17 | not yet calculated | CVE-2020-12523 CONFIRM |
| phoenix_contact — plcnext_control_devices |
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | 2020-12-17 | not yet calculated | CVE-2020-12517 CONFIRM |
| phoenix_contact — plcnext_control_devices |
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot. | 2020-12-17 | not yet calculated | CVE-2020-12521 CONFIRM |
| phoenix_contact — plcnext_control_devices |
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges. | 2020-12-17 | not yet calculated | CVE-2020-12519 CONFIRM |
| phoenix_contact — plcnext_control_devices |
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | 2020-12-17 | not yet calculated | CVE-2020-12518 CONFIRM |
| samsung — multiple_mobile_devices | An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). | 2020-12-18 | not yet calculated | CVE-2020-35548 MISC |
| samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). | 2020-12-18 | not yet calculated | CVE-2020-35549 MISC |
| smilegate — stove_client |
A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72. | 2020-12-18 | not yet calculated | CVE-2020-7838 MISC |
| solarwinds — n-central |
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication. | 2020-12-16 | not yet calculated | CVE-2020-25619 MISC MISC MISC |
| solarwinds — n-central |
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file). | 2020-12-16 | not yet calculated | CVE-2020-25618 MISC MISC MISC |
| solarwinds — n-central |
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords. | 2020-12-16 | not yet calculated | CVE-2020-25621 MISC MISC MISC |
| solarwinds — n-central |
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface. | 2020-12-16 | not yet calculated | CVE-2020-25620 MISC MISC MISC |
| spiceworks — spiceworks |
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | 2020-12-18 | not yet calculated | CVE-2020-25901 MISC |
| spotweb — spotweb |
Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | 2020-12-17 | not yet calculated | CVE-2020-35545 MISC |
| tangro — business_workflow | In tangro Business Workflow before 1.18.1, a user’s profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibited server-side. | 2020-12-18 | not yet calculated | CVE-2020-26177 MISC MISC |
| tangro — business_workflow | tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem. | 2020-12-18 | not yet calculated | CVE-2020-26174 MISC MISC |
| tangro — business_workflow |
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users. | 2020-12-18 | not yet calculated | CVE-2020-26175 MISC MISC |
| tangro — business_workflow |
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp. | 2020-12-18 | not yet calculated | CVE-2020-26172 MISC MISC |
| tangro — business_workflow |
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated. | 2020-12-18 | not yet calculated | CVE-2020-26178 MISC MISC |
| tangro — business_workflow |
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | 2020-12-18 | not yet calculated | CVE-2020-26176 MISC MISC |
| tangro — business_workflow |
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required. | 2020-12-18 | not yet calculated | CVE-2020-26173 MISC MISC |
| tangro — business_workflow |
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them. | 2020-12-18 | not yet calculated | CVE-2020-26171 MISC MISC |
| thingsboard — thingsboard |
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen. | 2020-12-18 | not yet calculated | CVE-2020-27687 MISC MISC |
| trend_micro — interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product’s admin interface to users who would not normally have access. | 2020-12-17 | not yet calculated | CVE-2020-8464 N/A N/A |
| trend_micro — interscan_web_security_virtual_appliance | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | 2020-12-17 | not yet calculated | CVE-2020-8462 N/A N/A |
| trend_micro — interscan_web_security_virtual_appliance |
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim’s browser to send a specifically encoded request without requiring a valid CSRF token. | 2020-12-17 | not yet calculated | CVE-2020-8461 N/A N/A |
| trend_micro — interscan_web_security_virtual_appliance |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 2020-12-17 | not yet calculated | CVE-2020-8463 N/A N/A |
| trend_micro — interscan_web_security_virtual_appliance |
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | 2020-12-17 | not yet calculated | CVE-2020-8466 N/A N/A |
| trend_micro — interscan_web_security_virtual_appliance |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | 2020-12-17 | not yet calculated | CVE-2020-8465 N/A N/A |
| trend_micro — interscan_web_security_virtual_appliance |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | 2020-12-17 | not yet calculated | CVE-2020-27010 N/A |
| troglobit — uftpd |
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c’s compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | 2020-12-18 | not yet calculated | CVE-2020-20277 MISC MISC |
| troglobit — uftpd |
An unauthenticated stack-based buffer overflow vulnerability in common.c’s handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | 2020-12-18 | not yet calculated | CVE-2020-20276 MISC MISC |
| vmware — carbon_black_cloud |
The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. | 2020-12-16 | not yet calculated | CVE-2020-4008 MISC |
| wago — multiple_devices |
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | 2020-12-17 | not yet calculated | CVE-2020-12522 CONFIRM |
| weiphp — weiphp |
SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | 2020-12-18 | not yet calculated | CVE-2020-20300 MISC |
| weiphp — weiphp |
WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | 2020-12-18 | not yet calculated | CVE-2020-20299 MISC |
| wordpress — wordpress |
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | 2020-12-17 | not yet calculated | CVE-2020-35489 MISC MISC MISC MISC MISC |
| xen — xapi |
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0’s configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable. | 2020-12-15 | not yet calculated | CVE-2020-29487 MISC |
| xinuous — openserver |
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. | 2020-12-18 | not yet calculated | CVE-2020-25494 MISC |
| xinuous — openserver |
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter ‘section’. | 2020-12-18 | not yet calculated | CVE-2020-25495 MISC |
| zimba — collaboration_suite_network_edition |
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17. | 2020-12-17 | not yet calculated | CVE-2020-35123 CONFIRM CONFIRM CONFIRM CONFIRM |
| zzcms — zzcms |
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php | 2020-12-18 | not yet calculated | CVE-2020-20285 MISC |
| zzzphp — zzzphp |
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | 2020-12-18 | not yet calculated | CVE-2020-20298 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.