Original release date: June 22, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adns — adns |
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. | 2020-06-18 | 7.5 | CVE-2017-9105 MISC CONFIRM CONFIRM |
| adns — adns |
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | 2020-06-18 | 7.5 | CVE-2017-9104 SUSE MISC CONFIRM CONFIRM |
| adobe — flash_player |
Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 10 | CVE-2020-9633 CONFIRM GENTOO |
| advantech — webaccess_node |
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 2020-06-15 | 7.5 | CVE-2020-12019 MISC |
| geovision — door_access_control_devices | GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. | 2020-06-12 | 10 | CVE-2020-3928 MISC |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | 2020-06-15 | 10 | CVE-2020-4469 XF CONFIRM MISC |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. | 2020-06-15 | 7.5 | CVE-2020-4216 XF CONFIRM MISC |
| lansweeper — lansweeper |
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless “Built-in admin” is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. | 2020-06-15 | 7.5 | CVE-2020-14011 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | 2020-06-17 | 7.5 | CVE-2020-14402 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | 2020-06-17 | 7.5 | CVE-2020-14405 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | 2020-06-17 | 7.5 | CVE-2020-14404 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | 2020-06-17 | 7.5 | CVE-2020-14401 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | 2020-06-17 | 7.5 | CVE-2020-14403 MISC MISC |
| meetecho — janus-gateway |
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server. | 2020-06-15 | 7.5 | CVE-2020-14033 MISC MISC CONFIRM |
| meetecho — janus-gateway |
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet. | 2020-06-15 | 7.5 | CVE-2020-14034 MISC MISC CONFIRM |
| naviwebs — navigate_cms |
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | 2020-06-15 | 7.5 | CVE-2020-14067 MISC |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. | 2020-06-18 | 7.7 | CVE-2020-14434 CONFIRM |
| pcre — perl_compatible_regular_expression |
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 2020-06-15 | 7.5 | CVE-2020-14155 MISC MISC |
| schneider_electric — easergy_t300_devices |
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | 2020-06-16 | 9 | CVE-2020-7505 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | 2020-06-16 | 7.5 | CVE-2020-7512 MISC |
| schneider_electric — ecostruxure_operator_terminal_expert |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts. | 2020-06-16 | 7.5 | CVE-2020-7497 MISC |
| suse — opensuse_leap |
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. | 2020-06-18 | 7.5 | CVE-2017-9103 SUSE MISC CONFIRM CONFIRM |
| suse — opensuse_leap |
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. | 2020-06-18 | 7.5 | CVE-2017-9109 SUSE MISC CONFIRM CONFIRM |
|
treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | 2020-06-17 | 10 | CVE-2020-11897 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. | 2020-06-17 | 7.5 | CVE-2020-11902 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | 2020-06-17 | 9.3 | CVE-2020-11901 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | 2020-06-17 | 7.5 | CVE-2020-11904 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. | 2020-06-17 | 9.3 | CVE-2020-11896 MISC CISCO MISC MISC MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key. | 2020-06-15 | 7.5 | CVE-2020-14080 MISC MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | 2020-06-15 | 9 | CVE-2020-14081 MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | 2020-06-15 | 9 | CVE-2020-14075 MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adns — adns |
An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with , and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack. | 2020-06-18 | 5 | CVE-2017-9107 MISC CONFIRM CONFIRM |
| adns — adns |
An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn’t, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type. | 2020-06-18 | 5 | CVE-2017-9106 MISC CONFIRM CONFIRM |
| adns — adns |
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. | 2020-06-18 | 5 | CVE-2017-9108 MISC CONFIRM CONFIRM |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 4.3 | CVE-2020-9647 CONFIRM |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 4.3 | CVE-2020-9648 CONFIRM |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 4.3 | CVE-2020-9651 CONFIRM |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-12 | 5 | CVE-2020-9645 CONFIRM |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-12 | 5 | CVE-2020-9643 CONFIRM |
| adobe — framemaker |
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 6.8 | CVE-2020-9634 CONFIRM |
| adobe — framemaker |
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 6.8 | CVE-2020-9635 CONFIRM |
| adobe — framemaker |
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 6.8 | CVE-2020-9636 CONFIRM |
| apsis — pound |
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. | 2020-06-15 | 6.4 | CVE-2018-21245 MISC |
| cacti — cacti | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. | 2020-06-17 | 6.5 | CVE-2020-14295 MISC |
| d-link — dsl-2750u_devices |
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 2020-06-15 | 4.6 | CVE-2020-13150 MISC MISC |
| digdash — digdash_enterprise |
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu. | 2020-06-15 | 4.3 | CVE-2020-13652 MISC |
| geovision — door_access_control_device |
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages. | 2020-06-12 | 4.3 | CVE-2020-3929 MISC |
| gnu — bison |
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). | 2020-06-15 | 5 | CVE-2020-14150 MISC MISC |
| huawei — fusionaccess |
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. | 2020-06-15 | 4 | CVE-2020-1825 MISC |
| huawei — multiple_products |
Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. | 2020-06-15 | 4 | CVE-2020-9075 MISC |
| huawei — multiple_smartphones |
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. | 2020-06-15 | 4 | CVE-2020-9076 MISC |
| huawei — p30_smartphones |
HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations. | 2020-06-15 | 4.6 | CVE-2020-1813 MISC |
| ibm — mq_and_mq_appliance_devices |
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | 2020-06-16 | 5 | CVE-2020-4310 XF CONFIRM |
| ibm — spectrum_protect_client |
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. | 2020-06-15 | 5 | CVE-2020-4494 XF CONFIRM |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. | 2020-06-15 | 6.4 | CVE-2020-4471 XF CONFIRM MISC |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. | 2020-06-15 | 6 | CVE-2020-4470 XF CONFIRM MISC |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | 2020-06-15 | 4 | CVE-2020-4477 XF CONFIRM |
| icinga — icinga2 |
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | 2020-06-12 | 4.6 | CVE-2020-14004 CONFIRM MISC MISC MISC MISC |
| ijg — libipeg |
In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds array read for certain table pointers. | 2020-06-15 | 5.8 | CVE-2020-14153 MISC MISC |
| ijg — libipeg |
In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cjpeg mishandles EOF. | 2020-06-15 | 5.8 | CVE-2020-14151 MISC MISC |
| ijg — libipeg |
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | 2020-06-15 | 5.8 | CVE-2020-14152 MISC MISC |
| intel — active_management_technology |
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2020-06-15 | 5 | CVE-2020-0540 MISC |
| intel — active_management_technology |
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. | 2020-06-15 | 5 | CVE-2020-0538 MISC |
| intel — active_management_technology |
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. | 2020-06-15 | 4 | CVE-2020-0537 MISC |
| libvncserver — libvncserver | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | 2020-06-17 | 5 | CVE-2020-14398 MISC MISC |
| libvncserver — libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | 2020-06-17 | 5 | CVE-2020-14396 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. | 2020-06-17 | 5 | CVE-2020-14400 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | 2020-06-17 | 5 | CVE-2018-21247 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | 2020-06-17 | 5 | CVE-2019-20840 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | 2020-06-17 | 5 | CVE-2020-14397 MISC MISC |
| libvncserver — libvncserver |
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. | 2020-06-17 | 5 | CVE-2020-14399 MISC MISC |
| libvncserver — libvncserver |
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 2020-06-17 | 5 | CVE-2019-20839 MISC MISC |
| lignum_computing — libemf | ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | 2020-06-15 | 4.3 | CVE-2020-13999 MISC MISC MISC MISC |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the “get channel by name” API, aka MMSA-2020-0004. | 2020-06-19 | 5 | CVE-2020-14458 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. | 2020-06-19 | 5 | CVE-2020-14453 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. | 2020-06-19 | 5 | CVE-2020-14459 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. | 2020-06-19 | 5 | CVE-2020-14450 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. | 2020-06-19 | 5 | CVE-2020-14447 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. | 2020-06-19 | 4.3 | CVE-2019-20844 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. | 2020-06-19 | 5 | CVE-2020-14452 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | 2020-06-19 | 5 | CVE-2019-20888 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012. | 2020-06-19 | 5 | CVE-2020-14457 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. | 2020-06-19 | 5 | CVE-2020-14448 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | 2020-06-19 | 5 | CVE-2018-21262 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file. | 2020-06-19 | 5 | CVE-2019-20885 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph. | 2020-06-19 | 5 | CVE-2019-20880 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. | 2020-06-19 | 5 | CVE-2019-20877 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. | 2020-06-19 | 5 | CVE-2019-20845 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | 2020-06-19 | 5 | CVE-2019-20843 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. | 2020-06-19 | 6.5 | CVE-2019-20842 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. | 2020-06-19 | 5 | CVE-2019-20884 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | 2020-06-19 | 5 | CVE-2019-20846 CONFIRM |
| micro_focus — arcsight_enterprise_security_manager |
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | 2020-06-16 | 4.3 | CVE-2020-9522 MISC |
| micro_focus — arcsight_logger |
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | 2020-06-12 | 4.3 | CVE-2020-11839 MISC |
| micro_focus — arcsight_management_center |
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | 2020-06-16 | 4 | CVE-2020-11840 MISC |
| micro_focus — arcsight_management_center |
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | 2020-06-16 | 4 | CVE-2020-11841 MISC |
| mutt — mutt |
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | 2020-06-15 | 4.3 | CVE-2020-14093 MISC MISC DEBIAN |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14439 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14441 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14438 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14440 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14429 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14437 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14436 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104. | 2020-06-18 | 5.8 | CVE-2020-14435 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14442 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25. | 2020-06-18 | 5.2 | CVE-2020-14433 CONFIRM |
| open-xchange — ox_app_suite | OX App Suite through 7.10.3 has Improper Input Validation. | 2020-06-16 | 5 | CVE-2020-8543 MISC MISC |
| open-xchange — ox_app_suite |
OX App Suite through 7.10.3 allows SSRF. | 2020-06-16 | 4 | CVE-2020-8544 MISC MISC |
| open-xchange — ox_app_suite |
OX App Suite through 7.10.3 allows XXE attacks. | 2020-06-16 | 4 | CVE-2020-8541 MISC MISC |
| open-xchange — ox_guard |
OX Guard 2.10.3 and earlier allows SSRF. | 2020-06-15 | 4 | CVE-2020-9427 MISC MISC MISC |
| open-xchange — ox_guard |
OX Guard 2.10.3 and earlier allows XSS. | 2020-06-15 | 4.3 | CVE-2020-9426 MISC MISC MISC |
| open_microscopy_environment — omero | In OMERO before 5.6.1, group owners can access members’ data in other groups. | 2020-06-17 | 5.5 | CVE-2020-6752 CONFIRM |
| openstack — mistral | A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | 2020-06-15 | 4 | CVE-2018-16848 MISC MISC |
| red_hat — openshift_api_server |
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. | 2020-06-12 | 6 | CVE-2020-10752 CONFIRM CONFIRM |
| santize_gem_for_ruby_on_rails — santize_gem_for_ruby_on_rails |
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize’s “relaxed” config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize’s relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. | 2020-06-16 | 6.8 | CVE-2020-4054 MISC MISC CONFIRM |
| schneider-electric — ecostruxure_operator_terminal_expert |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | 2020-06-16 | 4.3 | CVE-2020-7495 MISC |
| schneider_electric — easergy_t300_devices | A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | 2020-06-16 | 5 | CVE-2020-7507 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | 2020-06-16 | 5 | CVE-2020-7513 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. | 2020-06-16 | 5 | CVE-2020-7506 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | 2020-06-16 | 5 | CVE-2020-7504 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | 2020-06-16 | 6.5 | CVE-2020-7509 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys. | 2020-06-16 | 5 | CVE-2020-7510 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | 2020-06-16 | 5 | CVE-2020-7508 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | 2020-06-16 | 6.8 | CVE-2020-7503 MISC |
| schneider_electric — easergy_t300_devices |
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. | 2020-06-16 | 5 | CVE-2020-7511 MISC |
| schneider_electric — ecostruxture_operator_terminal_expert |
A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file. | 2020-06-16 | 6.8 | CVE-2020-7496 MISC |
| schneider_electric — ecostruxture_operator_terminal_expert |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 2020-06-16 | 6.8 | CVE-2020-7494 MISC |
| schneider_electric — ecostruxture_operator_terminal_expert |
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 2020-06-16 | 6.8 | CVE-2020-7493 MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 2020-06-17 | 5 | CVE-2020-11913 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | 2020-06-17 | 5 | CVE-2020-11911 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. | 2020-06-17 | 5.8 | CVE-2020-11906 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 2020-06-17 | 4.8 | CVE-2020-11899 MISC CISCO CONFIRM MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | 2020-06-17 | 5 | CVE-2020-11910 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | 2020-06-17 | 5 | CVE-2020-11909 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | 2020-06-17 | 5.8 | CVE-2020-11907 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. | 2020-06-17 | 6.4 | CVE-2020-11900 MISC CISCO CONFIRM MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | 2020-06-17 | 6.4 | CVE-2020-11898 MISC CISCO MISC MISC MISC |
| trendnet — tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. | 2020-06-15 | 6.5 | CVE-2020-14078 MISC MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key. | 2020-06-15 | 6.5 | CVE-2020-14074 MISC MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key. | 2020-06-15 | 6.5 | CVE-2020-14076 MISC MISC MISC MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key. | 2020-06-15 | 6.5 | CVE-2020-14077 MISC MISC |
| trendnet — tew-827dru_devices |
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key. | 2020-06-15 | 6.5 | CVE-2020-14079 MISC MISC MISC MISC |
| vmware — horizon_client_for_windows |
VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. | 2020-06-15 | 4.6 | CVE-2020-3961 MISC |
| wordpress — wordpress | The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 2020-06-15 | 6.8 | CVE-2019-19109 MISC |
| wordpress — wordpress |
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | 2020-06-15 | 4.3 | CVE-2019-19111 MISC |
| wordpress — wordpress |
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | 2020-06-15 | 4.3 | CVE-2019-19112 MISC |
| zoho — manageengine_servicedesk |
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. | 2020-06-12 | 5 | CVE-2020-14048 MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 3.5 | CVE-2020-9644 CONFIRM |
| caldera — caldera | CALDERA 2.7.0 allows XSS via the Operation Name box. | 2020-06-19 | 3.5 | CVE-2020-14462 MISC |
| chownr — chownr | A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. | 2020-06-15 | 1.9 | CVE-2017-18869 MISC MISC MISC MISC |
| geovision — door_access_control_device |
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | 2020-06-12 | 2.1 | CVE-2020-3930 MISC |
| huawei — mate_30_smartphones |
HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. | 2020-06-18 | 3.3 | CVE-2020-1835 MISC |
| huawei — p30_and_p30_pro_smartphones |
HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | 2020-06-18 | 2.1 | CVE-2020-1834 MISC |
| ibm — api_connect |
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. | 2020-06-12 | 3.5 | CVE-2020-4251 XF CONFIRM |
| ibm — spectrum_protect_client |
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | 2020-06-15 | 3.5 | CVE-2020-4406 XF CONFIRM |
| kumbiaphp — kumbiaphp |
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | 2020-06-15 | 3.5 | CVE-2020-14146 MISC MISC |
| linux — linux_kernel |
A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | 2020-06-12 | 3.6 | CVE-2020-10732 SUSE CONFIRM MISC MISC MISC MISC MISC |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. | 2020-06-19 | 3.5 | CVE-2019-20883 CONFIRM |
| micros_focus — arcsight_management_center |
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | 2020-06-16 | 3.5 | CVE-2020-11838 MISC |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14428 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14427 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14430 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11. | 2020-06-18 | 3.3 | CVE-2020-14426 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14431 CONFIRM |
| open-xchange — ox_app_suite |
OX App Suite through 7.10.3 allows XSS. | 2020-06-16 | 3.5 | CVE-2020-8542 MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11903 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 4.7.1.27 mishandles ‘�’ termination in DHCP. | 2020-06-17 | 3.3 | CVE-2020-11908 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11912 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11914 MISC CISCO MISC MISC MISC |
| treck — transmission_control_protocol_internet_protocol_stack |
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11905 MISC CISCO CONFIRM MISC MISC MISC |
| wordpress — wordpress |
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | 2020-06-15 | 3.5 | CVE-2019-19110 MISC |
| wordpress — wordpress |
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 2020-06-12 | 3.5 | CVE-2020-4049 MISC CONFIRM MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aapanel — aapanel | aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. | 2020-06-18 | not yet calculated | CVE-2020-14421 MISC MISC |
| abus — secvest_fube50001_device | The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. | 2020-06-17 | not yet calculated | CVE-2020-14157 MISC MISC |
| agentejo — cockpit | An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page’s content, creating a Reflected XSS attack vector. | 2020-06-17 | not yet calculated | CVE-2020-14408 MISC |
| alpine — alpine |
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | 2020-06-19 | not yet calculated | CVE-2020-14929 MISC |
| apache — archiva |
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects. | 2020-06-19 | not yet calculated | CVE-2020-9495 MISC MLIST MLIST MLIST MLIST MLIST |
| apache — karaf |
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an “admin” can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a “viewer” role. In the ‘etc/jmx.acl.cfg’, such as role can call get*. It’s possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as “viewer” doesn’t have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a “viewer” role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it’s possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer. | 2020-06-12 | not yet calculated | CVE-2020-11980 MISC |
| apache — tomee |
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 – 8.0.1, Apache TomEE 7.1.0 – 7.1.2, Apache TomEE 7.0.0-M1 – 7.0.7, Apache TomEE 1.0.0 – 1.7.5. | 2020-06-15 | not yet calculated | CVE-2020-11969 MISC MLIST |
| arm — mbed_os | Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors. | 2020-06-18 | not yet calculated | CVE-2020-12883 CONFIRM MISC MISC MISC |
| arm — mbed_os | An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop’s exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption. | 2020-06-18 | not yet calculated | CVE-2020-12885 CONFIRM MISC |
| arm — mbed_os |
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made. | 2020-06-18 | not yet calculated | CVE-2020-12884 CONFIRM MISC |
| arm — mbed_os |
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur. | 2020-06-18 | not yet calculated | CVE-2020-12886 CONFIRM MISC |
| arm — mbed_os |
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed. | 2020-06-18 | not yet calculated | CVE-2020-12887 CONFIRM MISC MISC MISC |
| beckhoff _automation — twincat_drivers |
Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device. | 2020-06-16 | not yet calculated | CVE-2020-12494 CONFIRM |
| bt_ctroms — terminal_os_port_portal_ct-464 |
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. | 2020-06-19 | not yet calculated | CVE-2020-14930 MISC MISC |
| cisco — 7800_and_8800_series_ip_phones |
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device. | 2020-06-18 | not yet calculated | CVE-2020-3360 CISCO |
| cisco — amp_for_endpoints_and_clamav |
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. | 2020-06-18 | not yet calculated | CVE-2020-3350 CISCO |
| cisco — asr_5000_series_aggregation_routers |
A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. | 2020-06-18 | not yet calculated | CVE-2020-3244 CISCO |
| cisco — asyncos_and_email_security_appliance |
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | 2020-06-18 | not yet calculated | CVE-2020-3368 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-06-18 | not yet calculated | CVE-2020-3356 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. | 2020-06-18 | not yet calculated | CVE-2020-3355 CISCO |
| cisco — data_center_network_manager |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. | 2020-06-18 | not yet calculated | CVE-2020-3354 CISCO |
| cisco — enterprise_nfv_infrastructure_software | A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device. | 2020-06-18 | not yet calculated | CVE-2020-3236 CISCO |
| cisco — ios_xr |
A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. | 2020-06-18 | not yet calculated | CVE-2020-3364 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3289 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3276 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3277 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3288 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3275 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3278 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3287 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3274 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3286 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3293 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3279 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3296 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3290 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-06-18 | not yet calculated | CVE-2020-3268 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-06-18 | not yet calculated | CVE-2020-3269 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3295 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3294 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3292 CISCO |
| cisco — multiple_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | 2020-06-18 | not yet calculated | CVE-2020-3291 CISCO |
| cisco — network_services_orchestrator |
A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only. | 2020-06-18 | not yet calculated | CVE-2020-3362 CISCO |
| cisco — smart_software_manager_on-prem |
A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts. | 2020-06-18 | not yet calculated | CVE-2020-3245 CISCO |
|
cisco — telepresence_collaboration_endpoint__and_roomos |
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS. | 2020-06-18 | not yet calculated | CVE-2020-3336 CISCO |
| cisco — ucs_director |
A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device. | 2020-06-18 | not yet calculated | CVE-2020-3242 CISCO |
| cisco — ucs_director |
A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device. | 2020-06-18 | not yet calculated | CVE-2020-3241 CISCO |
| cisco — umbrella |
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | 2020-06-18 | not yet calculated | CVE-2020-3337 CISCO |
|
cisco — webex_meetings_and_webex_meetings_server |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site. | 2020-06-18 | not yet calculated | CVE-2020-3361 CISCO |
| cisco — webex_meetings_desktop_app |
A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system. | 2020-06-18 | not yet calculated | CVE-2020-3263 CISCO |
| cisco — webex_meetings_desktop_app_for_mac |
A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user. | 2020-06-18 | not yet calculated | CVE-2020-3342 CISCO |
| cisco — webex_meetings_desktop_app_for_windows |
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks. | 2020-06-18 | not yet calculated | CVE-2020-3347 CISCO |
| cisofy — lynis |
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks. | 2020-06-18 | not yet calculated | CVE-2020-13882 CONFIRM |
| cisofy — lynis |
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. | 2020-06-18 | not yet calculated | CVE-2019-13033 CONFIRM |
| cms_made_simple — cms_made_simple | CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | 2020-06-19 | not yet calculated | CVE-2020-14926 MISC |
| connectwise — automate |
By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178. | 2020-06-15 | not yet calculated | CVE-2020-14159 MISC |
| cypress — cyw20735_devices |
On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending “l2ping -s 600” to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384. | 2020-06-16 | not yet calculated | CVE-2019-18614 MISC |
| dell — encryption_and_endpoint_security_suite | Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | 2020-06-15 | not yet calculated | CVE-2020-5358 MISC |
| digdash — digdash_enterprise | An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer. | 2020-06-15 | not yet calculated | CVE-2020-13651 MISC |
| digdash — digdash_enterprise |
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it’s possible to determine whether the request targeted a open service. | 2020-06-15 | not yet calculated | CVE-2020-13650 MISC |
| dmitry — deepmagic_information_gathering_tool |
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff. | 2020-06-19 | not yet calculated | CVE-2020-14931 MISC |
| dojo — dijit | In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor’s LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3. | 2020-06-15 | not yet calculated | CVE-2020-4051 MISC CONFIRM |
| dolibarr — dolibarr | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 2020-06-18 | not yet calculated | CVE-2020-14443 CONFIRM |
| dolibarr — dolibarr |
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | 2020-06-19 | not yet calculated | CVE-2020-14475 MISC |
| ec-cube — ec-cube |
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 2020-06-19 | not yet calculated | CVE-2020-5590 MISC MISC MISC |
| fabulatech — usb_for_remote_desktop | ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. | 2020-06-17 | not yet calculated | CVE-2020-9332 MISC MISC |
| fasterxml — jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | 2020-06-16 | not yet calculated | CVE-2020-14195 MISC |
| fasterxml — jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | 2020-06-14 | not yet calculated | CVE-2020-14060 MISC MISC |
| fasterxml — jackson-databind |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | 2020-06-14 | not yet calculated | CVE-2020-14062 MISC MISC |
| fasterxml — jackson-databind |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | 2020-06-14 | not yet calculated | CVE-2020-14061 MISC MISC |
| ffmpeg — ffmpeg | FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | 2020-06-16 | not yet calculated | CVE-2020-14212 MISC MISC |
| fortiguard — fortimanager | Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | 2020-06-16 | not yet calculated | CVE-2020-9289 MISC |
| fortiguard — fortios |
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user’s credentials should that attacker be able to read the session file stored on the targeted device’s system. | 2020-06-16 | not yet calculated | CVE-2019-17655 MISC |
| gitlab — gitlab |
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | 2020-06-19 | not yet calculated | CVE-2020-13274 CONFIRM MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | 2020-06-19 | not yet calculated | CVE-2020-13261 CONFIRM MISC MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | 2020-06-19 | not yet calculated | CVE-2020-13273 CONFIRM MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 2020-06-19 | not yet calculated | CVE-2020-13276 CONFIRM MISC MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | 2020-06-19 | not yet calculated | CVE-2020-13265 CONFIRM MISC MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | 2020-06-19 | not yet calculated | CVE-2020-13272 CONFIRM MISC MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 2020-06-19 | not yet calculated | CVE-2020-13277 CONFIRM MISC MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | 2020-06-19 | not yet calculated | CVE-2020-13264 CONFIRM MISC MISC |
|
gitlab — gitlab_community_and_enterprise_editions |
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 2020-06-19 | not yet calculated | CVE-2020-13262 CONFIRM MISC MISC |
|
gitlab — gitlab_enterprise_edition |
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 2020-06-19 | not yet calculated | CVE-2020-13263 CONFIRM MISC MISC |
| gitlab — gitlab_enterprise_edition |
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 2020-06-19 | not yet calculated | CVE-2020-13275 CONFIRM MISC MISC |
| golang — go |
Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. | 2020-06-17 | not yet calculated | CVE-2020-14040 MISC |
| google — android |
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714 | 2020-06-16 | not yet calculated | CVE-2020-0232 MISC |
| google — android |
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280 | 2020-06-16 | not yet calculated | CVE-2020-0234 MISC |
| google — android |
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into “size” variable, and then use that variable as the size parameter for “copy_from_user”, ending up overwriting memory following “crus_sp_hdr”. “crus_sp_hdr” is a static variable, of type “struct crus_sp_ioctl_header”.Product: AndroidVersions: Android kernelAndroid ID: A-135129430 | 2020-06-16 | not yet calculated | CVE-2020-0235 MISC |
| google — android |
This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450 | 2020-06-16 | not yet calculated | CVE-2020-0223 MISC |
| helm — helm | In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4. | 2020-06-16 | not yet calculated | CVE-2020-4053 MISC MISC CONFIRM |
| huawei — fusionsphere |
FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege. | 2020-06-18 | not yet calculated | CVE-2020-9225 MISC |
| i2p — invisible_internet_project | I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory. | 2020-06-16 | not yet calculated | CVE-2020-13431 MISC MISC |
|
ibm — business_automation_workflow_and_business_process_manager |
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716. | 2020-06-17 | not yet calculated | CVE-2020-4532 XF CONFIRM |
| ibm — doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474. | 2020-06-19 | not yet calculated | CVE-2020-4297 XF CONFIRM |
| ibm — doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408. | 2020-06-19 | not yet calculated | CVE-2020-4295 XF CONFIRM |
| ibm — doors_next_generation |
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141. | 2020-06-19 | not yet calculated | CVE-2020-4281 XF CONFIRM |
| ibm — mq_appliance_and_mq_amqp_channels | IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | 2020-06-16 | not yet calculated | CVE-2020-4320 XF CONFIRM |
| intel — active_management_technology |
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | 2020-06-15 | not yet calculated | CVE-2020-0532 MISC |
| intel — active_management_technology |
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2020-06-15 | not yet calculated | CVE-2020-0535 MISC |
| intel — active_management_technology_and_ intel_standard_manageability | Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. | 2020-06-15 | not yet calculated | CVE-2020-0597 MISC CONFIRM |
|
intel — active_management_technology_and_ intel_standard_manageability |
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2020-06-15 | not yet calculated | CVE-2020-0595 MISC CONFIRM |
| intel — active_management_technology_and_ intel_standard_manageability | Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2020-06-15 | not yet calculated | CVE-2020-8674 MISC CONFIRM |
|
intel — active_management_technology_and_ intel_standard_manageability |
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2020-06-15 | not yet calculated | CVE-2020-0594 MISC CONFIRM |
| intel — active_management_technology_and_ intel_standard_manageability | Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2020-06-15 | not yet calculated | CVE-2020-0596 MISC CONFIRM |
| intel — converged_security_and_manageability_engine | Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. | 2020-06-15 | not yet calculated | CVE-2020-0534 MISC |
|
intel — converged_security_and_manageability_engine |
Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-06-15 | not yet calculated | CVE-2020-0541 MISC |
| intel — converged_security_and_manageability_engine |
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 2020-06-15 | not yet calculated | CVE-2020-0533 MISC |
|
intel — converged_security_and_manageability_engine_and_trusted_execution_engine |
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2020-06-15 | not yet calculated | CVE-2020-0536 MISC |
|
intel — converged_security_and_manageability_engine_and_trusted_execution_engine |
Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. | 2020-06-15 | not yet calculated | CVE-2020-0539 MISC |
|
intel — converged_security_and_manageability_engine_and_trusted_execution_engine |
Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | 2020-06-15 | not yet calculated | CVE-2020-0542 MISC |
| intel — innovation_engine | Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 2020-06-15 | not yet calculated | CVE-2020-8675 MISC |
| intel — multiple_core_processors |
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 2020-06-15 | not yet calculated | CVE-2020-0528 MISC |
| intel — multiple_core_processors |
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. | 2020-06-15 | not yet calculated | CVE-2020-0529 MISC |
| intel — multiple_core_processors |
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. | 2020-06-15 | not yet calculated | CVE-2020-0531 MISC |
| intel — multiple_processors | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2020-06-15 | not yet calculated | CVE-2020-0543 SUSE FEDORA FEDORA UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU MISC |
| intel — multiple_products |
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. | 2020-06-15 | not yet calculated | CVE-2020-0545 MISC |
| intel — multiple_solid_state_drives |
Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access. | 2020-06-15 | not yet calculated | CVE-2020-0527 MISC |
| intel — server_platform_services | Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 2020-06-15 | not yet calculated | CVE-2020-0586 MISC |
|
intel — trusted_execution_engine |
Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 2020-06-15 | not yet calculated | CVE-2020-0566 MISC |
| internet_systems_consortium — berkeley_internet_name_domain | An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | 2020-06-17 | not yet calculated | CVE-2020-8618 CONFIRM |
| internet_systems_consortium — berkeley_internet_name_domain | Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (“*”) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. | 2020-06-17 | not yet calculated | CVE-2020-8619 CONFIRM |
| jerryscript — jerryscript |
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c. | 2020-06-15 | not yet calculated | CVE-2020-14163 MISC MISC |
| kuka — kuka_controller |
Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs. | 2020-06-16 | not yet calculated | CVE-2020-10268 CONFIRM |
| light_code_labs — caddy |
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. | 2020-06-15 | not yet calculated | CVE-2018-21246 MISC MISC |
| linux — linux_kernel |
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. | 2020-06-18 | not yet calculated | CVE-2020-14416 MISC MISC MISC |
| linux_foundation — jaeger | Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file to discover the Kafka credentials. | 2020-06-19 | not yet calculated | CVE-2020-10750 CONFIRM CONFIRM |
| mailjet — mjml |
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | 2020-06-17 | not yet calculated | CVE-2020-12827 MISC FULLDISC MISC MISC MISC MISC MISC |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | 2020-06-19 | not yet calculated | CVE-2018-21265 CONFIRM |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | 2020-06-19 | not yet calculated | CVE-2019-20861 CONFIRM |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | 2020-06-19 | not yet calculated | CVE-2019-20856 CONFIRM |
| mattermost — mattermost_desktop_apps |
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001. | 2020-06-19 | not yet calculated | CVE-2020-14460 CONFIRM |
| mattermost — mattermost_desktop_apps |
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | 2020-06-19 | not yet calculated | CVE-2020-14456 CONFIRM |
| mattermost — mattermost_desktop_apps |
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | 2020-06-19 | not yet calculated | CVE-2020-14455 CONFIRM |
| mattermost — mattermost_desktop_apps |
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | 2020-06-19 | not yet calculated | CVE-2020-14454 CONFIRM |
| mattermost — mattermost_mobile_apps | An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. | 2020-06-19 | not yet calculated | CVE-2019-20848 CONFIRM |
| mattermost — mattermost_mobile_apps | An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. | 2020-06-19 | not yet calculated | CVE-2019-20850 CONFIRM |
| mattermost — mattermost_mobile_apps |
An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. | 2020-06-19 | not yet calculated | CVE-2020-14449 CONFIRM |
| mattermost — mattermost_mobile_apps |
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | 2020-06-19 | not yet calculated | CVE-2020-14451 CONFIRM |
| mattermost — mattermost_mobile_apps |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | 2020-06-19 | not yet calculated | CVE-2019-20849 CONFIRM |
| mattermost — mattermost_mobile_apps |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. | 2020-06-19 | not yet calculated | CVE-2019-20851 CONFIRM |
| mattermost — mattermost_mobile_apps |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | 2020-06-19 | not yet calculated | CVE-2019-20852 CONFIRM |
| mattermost — mattermost_packages | An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. | 2020-06-19 | not yet calculated | CVE-2019-20853 CONFIRM |
| mattermost — mattermost_plugins |
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person’s GitHub account. | 2020-06-19 | not yet calculated | CVE-2019-20864 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. | 2020-06-19 | not yet calculated | CVE-2018-21255 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. | 2020-06-19 | not yet calculated | CVE-2017-18872 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data. | 2020-06-19 | not yet calculated | CVE-2017-18883 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. | 2020-06-19 | not yet calculated | CVE-2019-20865 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | 2020-06-19 | not yet calculated | CVE-2018-21248 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. | 2020-06-19 | not yet calculated | CVE-2017-18896 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | 2020-06-19 | not yet calculated | CVE-2016-11062 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | 2020-06-19 | not yet calculated | CVE-2016-11069 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. | 2020-06-19 | not yet calculated | CVE-2017-18895 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. | 2020-06-19 | not yet calculated | CVE-2017-18889 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | 2020-06-19 | not yet calculated | CVE-2016-11064 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | 2020-06-19 | not yet calculated | CVE-2017-18897 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | 2020-06-19 | not yet calculated | CVE-2017-18909 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. | 2020-06-19 | not yet calculated | CVE-2017-18891 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. | 2020-06-19 | not yet calculated | CVE-2017-18892 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. | 2020-06-19 | not yet calculated | CVE-2017-18893 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. | 2020-06-19 | not yet calculated | CVE-2017-18908 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | 2020-06-19 | not yet calculated | CVE-2017-18894 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header. | 2020-06-19 | not yet calculated | CVE-2017-18907 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else’s account. | 2020-06-19 | not yet calculated | CVE-2017-18906 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. | 2020-06-19 | not yet calculated | CVE-2017-18901 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | 2020-06-19 | not yet calculated | CVE-2017-18905 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. | 2020-06-19 | not yet calculated | CVE-2017-18871 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | 2020-06-19 | not yet calculated | CVE-2016-11078 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post’s appearance. | 2020-06-19 | not yet calculated | CVE-2016-11065 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. | 2020-06-19 | not yet calculated | CVE-2017-18899 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report. | 2020-06-19 | not yet calculated | CVE-2017-18900 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user’s behalf. | 2020-06-19 | not yet calculated | CVE-2017-18885 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. | 2020-06-19 | not yet calculated | CVE-2017-18902 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request. | 2020-06-19 | not yet calculated | CVE-2017-18890 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | 2020-06-19 | not yet calculated | CVE-2016-11063 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | 2020-06-19 | not yet calculated | CVE-2017-18903 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | 2020-06-19 | not yet calculated | CVE-2016-11067 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. | 2020-06-19 | not yet calculated | CVE-2016-11066 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. | 2020-06-19 | not yet calculated | CVE-2017-18873 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. | 2020-06-19 | not yet calculated | CVE-2017-18877 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. | 2020-06-19 | not yet calculated | CVE-2017-18874 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. | 2020-06-19 | not yet calculated | CVE-2017-18879 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang. | 2020-06-19 | not yet calculated | CVE-2017-18898 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. | 2020-06-19 | not yet calculated | CVE-2017-18870 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | 2020-06-19 | not yet calculated | CVE-2017-18875 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. | 2020-06-19 | not yet calculated | CVE-2017-18876 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. | 2020-06-19 | not yet calculated | CVE-2016-11084 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | 2020-06-19 | not yet calculated | CVE-2016-11083 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | 2020-06-19 | not yet calculated | CVE-2016-11082 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | 2020-06-19 | not yet calculated | CVE-2016-11081 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user’s session. | 2020-06-19 | not yet calculated | CVE-2017-18878 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | 2020-06-19 | not yet calculated | CVE-2016-11080 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | 2020-06-19 | not yet calculated | CVE-2016-11079 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | 2020-06-19 | not yet calculated | CVE-2016-11077 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. | 2020-06-19 | not yet calculated | CVE-2017-18884 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. | 2020-06-19 | not yet calculated | CVE-2017-18888 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. | 2020-06-19 | not yet calculated | CVE-2016-11076 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | 2020-06-19 | not yet calculated | CVE-2016-11075 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | 2020-06-19 | not yet calculated | CVE-2016-11074 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | 2020-06-19 | not yet calculated | CVE-2016-11073 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | 2020-06-19 | not yet calculated | CVE-2016-11072 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | 2020-06-19 | not yet calculated | CVE-2016-11071 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. | 2020-06-19 | not yet calculated | CVE-2017-18880 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | 2020-06-19 | not yet calculated | CVE-2016-11070 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. | 2020-06-19 | not yet calculated | CVE-2017-18881 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | 2020-06-19 | not yet calculated | CVE-2016-11068 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. | 2020-06-19 | not yet calculated | CVE-2017-18882 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator’s e-mail address to members. | 2020-06-19 | not yet calculated | CVE-2017-18887 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. | 2020-06-19 | not yet calculated | CVE-2018-21256 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. | 2020-06-19 | not yet calculated | CVE-2017-18886 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. | 2020-06-19 | not yet calculated | CVE-2019-20874 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. | 2020-06-19 | not yet calculated | CVE-2018-21261 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. | 2020-06-19 | not yet calculated | CVE-2019-20863 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. | 2020-06-19 | not yet calculated | CVE-2019-20873 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. | 2020-06-19 | not yet calculated | CVE-2018-21253 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. | 2020-06-19 | not yet calculated | CVE-2018-21254 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel’s post loading via one crafted post. | 2020-06-19 | not yet calculated | CVE-2019-20867 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. | 2020-06-19 | not yet calculated | CVE-2019-20882 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API. | 2020-06-19 | not yet calculated | CVE-2018-21257 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | 2020-06-19 | not yet calculated | CVE-2018-21258 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. | 2020-06-19 | not yet calculated | CVE-2018-21259 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. | 2020-06-19 | not yet calculated | CVE-2018-21260 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. | 2020-06-19 | not yet calculated | CVE-2019-20868 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. | 2020-06-19 | not yet calculated | CVE-2017-18919 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post’s file ID. | 2020-06-19 | not yet calculated | CVE-2019-20870 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. | 2020-06-19 | not yet calculated | CVE-2019-20871 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user’s account via a crafted SAML response. | 2020-06-19 | not yet calculated | CVE-2018-21263 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. | 2020-06-19 | not yet calculated | CVE-2018-21251 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | 2020-06-19 | not yet calculated | CVE-2018-21264 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. | 2020-06-19 | not yet calculated | CVE-2019-20841 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. | 2020-06-19 | not yet calculated | CVE-2019-20847 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. | 2020-06-19 | not yet calculated | CVE-2019-20872 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. | 2020-06-19 | not yet calculated | CVE-2019-20890 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. | 2020-06-19 | not yet calculated | CVE-2019-20889 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. | 2020-06-19 | not yet calculated | CVE-2019-20887 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. | 2020-06-19 | not yet calculated | CVE-2019-20869 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. | 2020-06-19 | not yet calculated | CVE-2019-20886 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. | 2020-06-19 | not yet calculated | CVE-2019-20881 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. | 2020-06-19 | not yet calculated | CVE-2017-18904 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | 2020-06-19 | not yet calculated | CVE-2017-18915 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | 2020-06-19 | not yet calculated | CVE-2015-9548 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. | 2020-06-19 | not yet calculated | CVE-2019-20878 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. | 2020-06-19 | not yet calculated | CVE-2019-20876 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. | 2020-06-19 | not yet calculated | CVE-2019-20875 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. | 2020-06-19 | not yet calculated | CVE-2018-21252 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled. | 2020-06-19 | not yet calculated | CVE-2019-20866 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | 2020-06-19 | not yet calculated | CVE-2018-21250 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | 2020-06-19 | not yet calculated | CVE-2017-18911 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. | 2020-06-19 | not yet calculated | CVE-2019-20855 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. | 2020-06-19 | not yet calculated | CVE-2019-20857 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | 2020-06-19 | not yet calculated | CVE-2019-20858 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. | 2020-06-19 | not yet calculated | CVE-2019-20859 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. | 2020-06-19 | not yet calculated | CVE-2019-20860 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. | 2020-06-19 | not yet calculated | CVE-2019-20879 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. | 2020-06-19 | not yet calculated | CVE-2017-18913 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. | 2020-06-19 | not yet calculated | CVE-2017-18916 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team’s slash commands. | 2020-06-19 | not yet calculated | CVE-2019-20862 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. | 2020-06-19 | not yet calculated | CVE-2017-18912 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | 2020-06-19 | not yet calculated | CVE-2017-18914 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. | 2020-06-19 | not yet calculated | CVE-2017-18921 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. | 2020-06-19 | not yet calculated | CVE-2018-21249 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | 2020-06-19 | not yet calculated | CVE-2017-18920 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. | 2020-06-19 | not yet calculated | CVE-2017-18918 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. | 2020-06-19 | not yet calculated | CVE-2017-18917 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. | 2020-06-19 | not yet calculated | CVE-2019-20854 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | 2020-06-19 | not yet calculated | CVE-2017-18910 CONFIRM |
| mergeobjects — mergeobjects | The mergeObjects utility function is susceptible to Prototype Pollution. | 2020-06-19 | not yet calculated | CVE-2020-7679 MISC MISC MISC |
| monitorapp — aiwaf-ve_and_aiwaf-4000 |
MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected Cross-Site Scripting (XSS) through a crafted URL. This occurs because the Detect URL field displays the original URL. | 2020-06-16 | not yet calculated | CVE-2020-14210 MISC |
| morgan_stanley — hobbes |
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. | 2020-06-12 | not yet calculated | CVE-2020-13656 MISC |
| mutt — mutt |
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | 2020-06-15 | not yet calculated | CVE-2020-14154 MISC MISC |
| mversion — mversion |
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function. | 2020-06-18 | not yet calculated | CVE-2020-4059 MISC CONFIRM |
| naviwebs — navigate_cms | Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the “Web Sites > Create > Aliases > Add” screen. | 2020-06-19 | not yet calculated | CVE-2020-14927 MISC |
| netflix — conductor | Netflix Conductor uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. | 2020-06-16 | not yet calculated | CVE-2020-9296 MISC |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | not yet calculated | CVE-2020-14432 CONFIRM |
| ngircd — ngircd |
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | 2020-06-15 | not yet calculated | CVE-2020-14148 MISC MISC MISC MISC MISC |
| nordaaker — convos |
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations. | 2020-06-18 | not yet calculated | CVE-2020-14423 MISC MISC MISC |
| nut — nut |
Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. | 2020-06-12 | not yet calculated | CVE-2019-16252 MISC |
| octopus — deploy | In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | 2020-06-19 | not yet calculated | CVE-2020-14470 MISC |
| open_microscopy_environment — omero | OMERO before 5.6.1 makes the details of each user available to all users. | 2020-06-17 | not yet calculated | CVE-2019-16245 CONFIRM |
| open_microscopy_environment — omero |
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. | 2020-06-17 | not yet calculated | CVE-2019-9943 CONFIRM |
| open_microscopy_environment — omero |
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. | 2020-06-17 | not yet calculated | CVE-2019-9944 CONFIRM |
| open_microscopy_environment — omero |
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed. | 2020-06-17 | not yet calculated | CVE-2020-7932 CONFIRM |
| openbmc — openbmc |
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. | 2020-06-15 | not yet calculated | CVE-2020-14156 CONFIRM MISC CONFIRM |
| pcre — perl_compatible_regular_expressions | libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and X or R has more than one fixed quantifier, a related issue to CVE-2019-20454. | 2020-06-15 | not yet calculated | CVE-2019-20838 MISC MISC |
| plex — media_server | Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | 2020-06-15 | not yet calculated | CVE-2020-5742 MISC |
| pulse_secure — pulse_secure_client |
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | 2020-06-16 | not yet calculated | CVE-2020-13162 MISC FULLDISC MISC CONFIRM MISC MISC MISC MISC |
| python — python |
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 2020-06-18 | not yet calculated | CVE-2020-14422 MISC MISC |
| rack — rack | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | 2020-06-19 | not yet calculated | CVE-2020-8184 MISC MISC |
| red_hat — ansible_tower |
An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. | 2020-06-18 | not yet calculated | CVE-2020-10782 CONFIRM |
| redislabs — redis | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. | 2020-06-15 | not yet calculated | CVE-2020-14147 MISC MISC |
| requarks.io — wiki.js | In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107. | 2020-06-16 | not yet calculated | CVE-2020-4052 MISC CONFIRM |
| rockwell_automation — factorytalk_linx_and_rslinx | FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. | 2020-06-15 | not yet calculated | CVE-2020-12003 MISC |
| rockwell_automation — factorytalk_linx_and_rslinx |
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. | 2020-06-15 | not yet calculated | CVE-2020-11999 MISC |
| rockwell_automation — factorytalk_linx_and_rslinx |
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. | 2020-06-15 | not yet calculated | CVE-2020-12001 MISC |
| rockwell_automation — factorytalk_linx_and_rslinx |
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. | 2020-06-15 | not yet calculated | CVE-2020-12005 MISC |
| rtslib-fb — rtslib-fb | Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | 2020-06-19 | not yet calculated | CVE-2020-14019 MISC |
| ruby_on_rails — ruby_on_rails | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. | 2020-06-19 | not yet calculated | CVE-2020-8164 MISC MISC MLIST |
| ruby_on_rails — ruby_on_rails | A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage’s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 2020-06-19 | not yet calculated | CVE-2020-8162 MISC MISC |
| ruby_on_rails — ruby_on_rails | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | 2020-06-19 | not yet calculated | CVE-2020-8167 MISC MISC |
| ruby_on_rails — ruby_on_rails | A deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | 2020-06-19 | not yet calculated | CVE-2020-8165 MISC MISC MLIST |
| satoshilabs — trezor_one_and_trezor_model_t | BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the Trezor One and 2.3.1 for the Trezor Model T. | 2020-06-16 | not yet calculated | CVE-2020-14199 MISC |
| schneider_electric — modicon_m218_logic_controller | A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. | 2020-06-16 | not yet calculated | CVE-2020-7502 MISC |
| schneider_electric — pro_ex | A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. | 2020-06-16 | not yet calculated | CVE-2020-7492 MISC |
| schneider_electric — u.motion_servers_and_touch_panels | A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered. | 2020-06-16 | not yet calculated | CVE-2020-7500 MISC |
| schneider_electric — u.motion_servers_and_touch_panels |
A CWE-284:Improper Access Control vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | 2020-06-16 | not yet calculated | CVE-2020-7499 MISC |
| schneider_electric — unity_loader_and_os_loader |
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results. | 2020-06-16 | not yet calculated | CVE-2020-7498 MISC |
| schneider_electric — vijeo_designer_basic_and_vijeo_designer |
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | 2020-06-16 | not yet calculated | CVE-2020-7501 MISC |
| sokkia — gnr5_vanguard_web | SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page. | 2020-06-15 | not yet calculated | CVE-2020-14054 MISC |
| sophos — sg_firewall |
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 2020-06-18 | not yet calculated | CVE-2020-11503 CONFIRM |
| squirrelmail — squirrelmail | compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. | 2020-06-20 | not yet calculated | CVE-2020-14932 MISC |
| squirrelmail — squirrelmail | compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 2020-06-20 | not yet calculated | CVE-2020-14933 MISC |
| stashcat — stashcat |
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users’s context. | 2020-06-17 | not yet calculated | CVE-2020-13637 MISC MISC |
| strapi — strapi |
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. | 2020-06-19 | not yet calculated | CVE-2020-13961 MISC CONFIRM CONFIRM |
| tp-link — multiple_devices |
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow | 2020-06-17 | not yet calculated | CVE-2020-13224 MISC MISC |
| troglobit — uftpd | In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. | 2020-06-15 | not yet calculated | CVE-2020-14149 MISC MISC MISC |
| viki_solutions — vera |
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. | 2020-06-12 | not yet calculated | CVE-2019-15123 MISC MISC |
| vmware — tools_for_macos |
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. | 2020-06-19 | not yet calculated | CVE-2020-3972 MISC |
| webroot — endpoint_agent |
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. | 2020-06-15 | not yet calculated | CVE-2020-5754 MISC |
| webroot — endpoint_agent |
Webroot endpoint agents prior to version v9.0.28.48 did not protect the “%PROGRAMDATA%WrDataPKG” directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. | 2020-06-15 | not yet calculated | CVE-2020-5755 MISC |
| woocommerce — woocommerce | WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | 2020-06-19 | not yet calculated | CVE-2019-20891 MISC MISC |
| wordpress — wordpress |
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) | 2020-06-18 | not yet calculated | CVE-2020-13640 MISC MISC MISC MISC |
| wso2 — identity_server | An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. | 2020-06-18 | not yet calculated | CVE-2020-14446 CONFIRM |
| wso2 — identity_server | An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. | 2020-06-18 | not yet calculated | CVE-2020-14445 CONFIRM |
| wso2 — identity_server |
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. | 2020-06-18 | not yet calculated | CVE-2020-14444 CONFIRM |
| zammad — zammad | In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | 2020-06-16 | not yet calculated | CVE-2020-14213 MISC MISC |
| zammad — zammad |
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization. | 2020-06-16 | not yet calculated | CVE-2020-14214 MISC MISC |
| zte — ztemarket_apk | All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. | 2020-06-17 | not yet calculated | CVE-2020-6869 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.