Original release date: June 29, 2020
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — shiro |
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 2020-06-22 | 7.5 | CVE-2020-11989 MISC |
| conjur — oss_helm_chart |
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker’s privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term “isolated” refers to: – No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. – Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC). | 2020-06-22 | 7.7 | CVE-2020-4062 MISC CONFIRM |
| dmitry — deepmagic_information_gathering_tool |
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff. | 2020-06-19 | 7.5 | CVE-2020-14931 MISC |
| gitlab — gitlab_community_and_enterprise_editions |
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | 2020-06-19 | 7.8 | CVE-2020-13273 CONFIRM MISC |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | 2020-06-19 | 7.5 | CVE-2016-11064 CONFIRM |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | 2020-06-19 | 7.5 | CVE-2020-14456 CONFIRM |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | 2020-06-19 | 7.5 | CVE-2019-20856 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | 2020-06-19 | 7.5 | CVE-2017-18915 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | 2020-06-19 | 7.5 | CVE-2017-18920 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. | 2020-06-19 | 7.5 | CVE-2018-21251 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. | 2020-06-19 | 7.5 | CVE-2017-18908 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. | 2020-06-19 | 7.5 | CVE-2017-18912 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user’s behalf. | 2020-06-19 | 7.5 | CVE-2017-18885 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. | 2020-06-19 | 7.5 | CVE-2017-18888 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report. | 2020-06-19 | 7.5 | CVE-2017-18900 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | 2020-06-19 | 7.5 | CVE-2016-11074 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. | 2020-06-19 | 7.5 | CVE-2019-20881 CONFIRM |
| mergeobjects — mergeobjects |
The mergeObjects utility function is susceptible to Prototype Pollution. | 2020-06-19 | 7.5 | CVE-2020-7679 MISC MISC MISC |
| qualcomm — multiple_snapdragon_products |
Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 7.5 | CVE-2020-3661 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130 | 2020-06-22 | 7.2 | CVE-2019-14047 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 7.2 | CVE-2019-10597 CONFIRM |
| qualcomm — multiple_snapdragon_products |
Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 7.5 | CVE-2020-3663 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-22 | 7.5 | CVE-2020-3662 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-06-22 | 7.5 | CVE-2020-3660 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 2020-06-22 | 7.5 | CVE-2020-3614 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 2020-06-22 | 10 | CVE-2019-14062 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 2020-06-22 | 7.5 | CVE-2019-14073 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130 | 2020-06-22 | 7.5 | CVE-2019-14080 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150 | 2020-06-22 | 7.2 | CVE-2020-3613 CONFIRM MISC |
| qualcomm — snapdragon_consumer_iot |
Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20 | 2020-06-22 | 10 | CVE-2020-3628 CONFIRM MISC |
| rtslib-fb — rtslib-fb |
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | 2020-06-19 | 7.5 | CVE-2020-14019 MISC |
| ruby_on_rails — ruby_on_rails |
A deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | 2020-06-19 | 7.5 | CVE-2020-8165 MISC MISC MLIST |
| sourcecodester — pisay_online_e-learning_system |
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. | 2020-06-22 | 7.5 | CVE-2020-14972 MISC MISC |
| squirrelmail — squirrelmail |
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 2020-06-20 | 7.5 | CVE-2020-14933 MISC |
| squirrelmail — squirrelmail |
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. | 2020-06-20 | 7.5 | CVE-2020-14932 MISC |
| tendenci — tendenci |
Tendenci 12.0.10 allows unrestricted deserialization in appshelpdeskviewsstaff.py. | 2020-06-21 | 7.5 | CVE-2020-14942 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aapanel — aapanel |
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. | 2020-06-21 | 6.5 | CVE-2020-14950 MISC |
| alpine — alpine |
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | 2020-06-19 | 5 | CVE-2020-14929 MISC MLIST |
| apache — archiva |
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects. | 2020-06-19 | 5 | CVE-2020-9495 MISC MLIST MLIST MLIST MLIST MLIST |
| bitdefender — total_security_2020 |
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. | 2020-06-22 | 6.8 | CVE-2020-8102 MISC |
| bt_ctroms — terminal_os_port_portal_ct-464 |
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. | 2020-06-19 | 4.3 | CVE-2020-14930 MISC MISC |
| dolibarr — dolibarr |
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | 2020-06-19 | 4.3 | CVE-2020-14475 MISC |
| ec-cube — ec-cube |
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 2020-06-19 | 5.5 | CVE-2020-5590 MISC MISC MISC |
| fortinet — fortideceptor |
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | 2020-06-22 | 6.8 | CVE-2020-6644 CONFIRM |
| gitlab — gitlab_community_and_enterprise_editions |
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | 2020-06-19 | 5 | CVE-2020-13265 CONFIRM MISC MISC |
| gitlab — gitlab_community_and_enterprise_editions |
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 2020-06-19 | 4.3 | CVE-2020-13262 CONFIRM MISC MISC |
| gitlab — gitlab_community_and_enterprise_editions |
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | 2020-06-19 | 5 | CVE-2020-13264 CONFIRM MISC MISC |
| gitlab — gitlab_community_and_enterprise_editions |
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 2020-06-19 | 4 | CVE-2020-13276 CONFIRM MISC MISC |
| gitlab — gitlab_community_and_enterprise_editions |
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 2020-06-19 | 4 | CVE-2020-13277 CONFIRM MISC MISC |
| gitlab — gitlab_community_and_enterprise_editions |
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | 2020-06-19 | 6.5 | CVE-2020-13272 CONFIRM MISC MISC |
| gitlab — gitlab_enterprise_edition |
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 2020-06-19 | 5.5 | CVE-2020-13275 CONFIRM MISC MISC |
| gogs — gogs |
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a “not the owner of the email” check. | 2020-06-21 | 4 | CVE-2020-14958 MISC MISC |
| ibm — security_secret_server |
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514. | 2020-06-24 | 4.3 | CVE-2020-4323 XF CONFIRM |
| ibm — security_secret_server |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988. | 2020-06-24 | 4.3 | CVE-2020-4413 XF CONFIRM |
| ibm — security_secret_server |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | 2020-06-24 | 5 | CVE-2020-4327 XF CONFIRM |
| ibm — security_secret_server |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | 2020-06-24 | 5 | CVE-2020-4341 XF CONFIRM |
| ibm — security_secret_server |
IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182. | 2020-06-24 | 5 | CVE-2020-4342 XF CONFIRM |
| ibm — security_secret_server |
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. | 2020-06-24 | 4.3 | CVE-2020-4322 XF CONFIRM |
| information_builders — webfocus_business_intelligence |
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration. | 2020-06-22 | 5.8 | CVE-2020-14204 MISC |
| information_builders — webfocus_business_intelligence |
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | 2020-06-22 | 4.3 | CVE-2020-14202 MISC |
| information_builders — webfocus_business_intelligence |
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044. | 2020-06-22 | 6.8 | CVE-2020-14203 MISC |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | 2020-06-19 | 6.8 | CVE-2019-20861 CONFIRM |
| mattermost — mattermost_desktop_app |
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | 2020-06-19 | 4.3 | CVE-2020-14455 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. | 2020-06-19 | 4 | CVE-2017-18918 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | 2020-06-19 | 6.4 | CVE-2016-11072 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team’s slash commands. | 2020-06-19 | 5 | CVE-2019-20862 CONFIRM |
| mattermost — mattermost_server | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. | 2020-06-19 | 4.3 | CVE-2017-18881 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | 2020-06-19 | 4.3 | CVE-2016-11082 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | 2020-06-19 | 4.3 | CVE-2016-11083 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | 2020-06-19 | 4.3 | CVE-2016-11079 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. | 2020-06-19 | 4.3 | CVE-2017-18882 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | 2020-06-19 | 4.3 | CVE-2016-11073 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | 2020-06-19 | 4.3 | CVE-2016-11071 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | 2020-06-19 | 4.3 | CVE-2016-11063 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. | 2020-06-19 | 4 | CVE-2019-20873 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. | 2020-06-19 | 5 | CVE-2017-18917 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. | 2020-06-19 | 4.3 | CVE-2017-18879 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post’s file ID. | 2020-06-19 | 4 | CVE-2019-20870 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. | 2020-06-19 | 4.3 | CVE-2016-11084 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. | 2020-06-19 | 4.3 | CVE-2017-18880 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. | 2020-06-19 | 4 | CVE-2018-21260 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | 2020-06-19 | 4.3 | CVE-2017-18909 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. | 2020-06-19 | 4.3 | CVE-2017-18892 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | 2020-06-19 | 4 | CVE-2016-11078 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. | 2020-06-19 | 4 | CVE-2018-21253 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | 2020-06-19 | 4 | CVE-2017-18910 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post’s appearance. | 2020-06-19 | 4 | CVE-2016-11065 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. | 2020-06-19 | 4 | CVE-2019-20879 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. | 2020-06-19 | 4.3 | CVE-2018-21249 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | 2020-06-19 | 5 | CVE-2018-21248 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | 2020-06-19 | 4 | CVE-2016-11081 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | 2020-06-19 | 4 | CVE-2016-11080 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | 2020-06-19 | 4 | CVE-2016-11077 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. | 2020-06-19 | 4.3 | CVE-2017-18877 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. | 2020-06-19 | 4 | CVE-2019-20887 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. | 2020-06-19 | 4 | CVE-2019-20890 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. | 2020-06-19 | 4 | CVE-2017-18889 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. | 2020-06-19 | 4.3 | CVE-2017-18913 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. | 2020-06-19 | 4 | CVE-2019-20878 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header. | 2020-06-19 | 4.3 | CVE-2017-18907 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. | 2020-06-19 | 4.3 | CVE-2017-18904 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. | 2020-06-19 | 4.3 | CVE-2017-18921 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. | 2020-06-19 | 6.8 | CVE-2019-20841 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | 2020-06-19 | 5 | CVE-2017-18905 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. | 2020-06-19 | 5 | CVE-2017-18899 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | 2020-06-19 | 5 | CVE-2018-21258 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. | 2020-06-19 | 4.3 | CVE-2017-18893 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel’s post loading via one crafted post. | 2020-06-19 | 5 | CVE-2019-20867 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. | 2020-06-19 | 5 | CVE-2017-18916 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | 2020-06-19 | 5 | CVE-2016-11075 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. | 2020-06-19 | 5 | CVE-2017-18902 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. | 2020-06-19 | 5 | CVE-2017-18901 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | 2020-06-19 | 5 | CVE-2016-11069 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user’s account via a crafted SAML response. | 2020-06-19 | 6.5 | CVE-2018-21263 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. | 2020-06-19 | 5 | CVE-2019-20889 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang. | 2020-06-19 | 5 | CVE-2017-18898 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. | 2020-06-19 | 6.8 | CVE-2019-20865 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. | 2020-06-19 | 5 | CVE-2017-18896 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. | 2020-06-19 | 5 | CVE-2019-20857 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. | 2020-06-19 | 5 | CVE-2017-18895 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. | 2020-06-19 | 5 | CVE-2017-18919 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. | 2020-06-19 | 5 | CVE-2017-18871 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. | 2020-06-19 | 5 | CVE-2019-20847 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. | 2020-06-19 | 5 | CVE-2019-20854 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. | 2020-06-19 | 5 | CVE-2019-20855 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. | 2020-06-19 | 5 | CVE-2016-11076 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. | 2020-06-19 | 5 | CVE-2019-20886 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | 2020-06-19 | 6.4 | CVE-2017-18911 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator’s e-mail address to members. | 2020-06-19 | 5 | CVE-2017-18887 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. | 2020-06-19 | 5 | CVE-2019-20868 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. | 2020-06-19 | 5 | CVE-2019-20875 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. | 2020-06-19 | 5 | CVE-2019-20882 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | 2020-06-19 | 5.8 | CVE-2017-18897 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | 2020-06-19 | 5.8 | CVE-2020-14454 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. | 2020-06-19 | 5 | CVE-2019-20874 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | 2020-06-19 | 5.5 | CVE-2017-18894 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. | 2020-06-19 | 5.5 | CVE-2019-20876 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | 2020-06-19 | 5.1 | CVE-2017-18903 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | 2020-06-19 | 5 | CVE-2016-11062 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | 2020-06-19 | 5 | CVE-2015-9548 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. | 2020-06-19 | 5 | CVE-2016-11066 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | 2020-06-19 | 5 | CVE-2016-11068 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. | 2020-06-19 | 5 | CVE-2019-20871 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | 2020-06-19 | 5 | CVE-2017-18914 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. | 2020-06-19 | 5 | CVE-2019-20863 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. | 2020-06-19 | 5 | CVE-2019-20859 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | 2020-06-19 | 5 | CVE-2019-20858 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. | 2020-06-19 | 6.5 | CVE-2017-18886 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | 2020-06-19 | 5 | CVE-2016-11067 CONFIRM |
| mutt — mutt_and_neomutt |
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a “begin TLS” response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka “response injection.” | 2020-06-21 | 4.3 | CVE-2020-14954 MISC MISC MISC MISC MISC MISC DEBIAN DEBIAN |
| octopus — deploy |
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | 2020-06-19 | 4 | CVE-2020-14470 MISC |
| php-fusion — php-fusion |
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, | 2020-06-22 | 6.5 | CVE-2020-14960 MISC MISC MISC |
| qualcomm — multiple_snapdragon_products |
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 4.6 | CVE-2019-14094 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 6.4 | CVE-2020-3658 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 4.6 | CVE-2019-14076 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 | 2020-06-22 | 4.6 | CVE-2019-14091 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 4.6 | CVE-2020-3626 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 4.6 | CVE-2020-3635 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 4.6 | CVE-2020-3642 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150 | 2020-06-22 | 4.6 | CVE-2020-3665 CONFIRM MISC |
| qualcomm — multiple_snapdragon_products |
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 4.6 | CVE-2020-3676 CONFIRM MISC |
| rack — rack |
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | 2020-06-19 | 5 | CVE-2020-8184 MISC MISC |
| red_hat — quay |
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name. | 2020-06-22 | 4.3 | CVE-2019-3865 CONFIRM |
| ruby_on_rails — ruby_on_rails |
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | 2020-06-19 | 4.3 | CVE-2020-8167 MISC MISC |
| ruby_on_rails — ruby_on_rails |
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage’s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 2020-06-19 | 5 | CVE-2020-8162 MISC MISC |
| ruby_on_rails — ruby_on_rails |
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. | 2020-06-19 | 5 | CVE-2020-8164 MISC MISC MLIST |
| sophos — secure_email |
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. | 2020-06-22 | 4.3 | CVE-2020-14980 MISC |
| strapi — strapi |
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. | 2020-06-19 | 4 | CVE-2020-13961 MISC CONFIRM CONFIRM |
| victor_cms — victor_cms |
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. | 2020-06-22 | 4.3 | CVE-2020-13427 MISC MISC |
| vinades — nukeviet |
modulesusersadminedit.php in NukeViet 4.4 allows CSRF to change a user’s password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed. | 2020-06-23 | 4.3 | CVE-2020-13157 MISC MISC |
| vinades — nukeviet |
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. | 2020-06-23 | 6.8 | CVE-2020-13155 MISC MISC |
| vinades — nukeviet |
modulesusersadminadd_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. | 2020-06-23 | 4.3 | CVE-2020-13156 MISC MISC |
| webtareas — webtereas |
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | 2020-06-22 | 4.3 | CVE-2020-14973 MISC MISC |
| woocommerce — woocommerce |
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | 2020-06-19 | 6.8 | CVE-2019-20891 MISC MISC |
| wordpress — wordpress |
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. | 2020-06-22 | 4.3 | CVE-2020-13426 MISC MISC MISC MISC MISC MISC MISC EXPLOIT-DB |
| zyxel — armor_x1_wap6806_devices | Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | 2020-06-22 | 5 | CVE-2020-14461 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cms_made_simple — cms_made_simple |
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | 2020-06-19 | 3.5 | CVE-2020-14926 MISC |
| fortinet — fortiwlc |
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. | 2020-06-22 | 3.5 | CVE-2020-9288 CONFIRM |
| global_radar — bsa_radar |
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. | 2020-06-22 | 3.5 | CVE-2020-14943 MISC MISC MISC |
| ibm — doors_next_generation |
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408. | 2020-06-19 | 3.5 | CVE-2020-4295 XF CONFIRM |
| ibm — doors_next_generation |
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474. | 2020-06-19 | 3.5 | CVE-2020-4297 XF CONFIRM |
| ibm — doors_next_generation |
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141. | 2020-06-19 | 3.5 | CVE-2020-4281 XF CONFIRM |
| kordil — kordil_edms |
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. | 2020-06-22 | 3.5 | CVE-2020-13888 MISC MISC |
| linux_foundation — jaeger |
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file to discover the Kafka credentials. | 2020-06-19 | 2.1 | CVE-2020-10750 CONFIRM CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. | 2020-06-19 | 2.1 | CVE-2019-20872 CONFIRM |
| mattermost — mattermost_server |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | 2020-06-19 | 3.5 | CVE-2016-11070 CONFIRM |
| mcafee — advanced_threat_defense |
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. | 2020-06-22 | 2.1 | CVE-2020-7262 CONFIRM |
| naviwebs — navigate_cms |
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the “Web Sites > Create > Aliases > Add” screen. | 2020-06-19 | 3.5 | CVE-2020-14927 MISC |
| paessler — prtg_network_monitor |
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. | 2020-06-23 | 3.5 | CVE-2020-14073 MISC MISC |
| qualcomm — multiple_snapdragon_products |
Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 | 2020-06-22 | 2.1 | CVE-2019-10626 CONFIRM |
| qualcomm — multiple_snapdragon_products |
System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130 | 2020-06-22 | 2.1 | CVE-2019-14092 CONFIRM MISC |
| vmware — tools_for_macos |
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. | 2020-06-19 | 2.1 | CVE-2020-3972 MISC |
| wordpress — wordpress |
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. | 2020-06-22 | 3.5 | CVE-2020-14962 MISC |
| wordpress — wordpress |
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. | 2020-06-22 | 3.5 | CVE-2020-14959 MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| academy_software_foundation — openexr |
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | 2020-06-26 | not yet calculated | CVE-2020-15304 MISC MISC MISC MISC |
| academy_software_foundation — openexr |
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | 2020-06-26 | not yet calculated | CVE-2020-15305 MISC MISC MISC MISC |
| academy_software_foundation — openexr |
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | 2020-06-26 | not yet calculated | CVE-2020-15306 MISC MISC MISC MISC |
| adobe — acrobat_and_acrobat_reader | Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9597 CONFIRM |
| adobe — acrobat_and_acrobat_reader | Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9599 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | 2020-06-25 | not yet calculated | CVE-2020-9592 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. | 2020-06-25 | not yet calculated | CVE-2020-9611 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service. | 2020-06-25 | not yet calculated | CVE-2020-9610 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | 2020-06-25 | not yet calculated | CVE-2020-9613 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | 2020-06-25 | not yet calculated | CVE-2020-9614 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass. | 2020-06-25 | not yet calculated | CVE-2020-9615 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9608 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9594 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9612 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9598 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9595 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9609 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9602 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9607 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9600 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9601 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9593 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | 2020-06-25 | not yet calculated | CVE-2020-9596 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9603 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9604 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9605 CONFIRM |
| adobe — acrobat_and_acrobat_reader |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9606 CONFIRM |
| adobe — after_effects | Adobe After Effects versions 17.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9661 CONFIRM |
| adobe — after_effects | Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9660 CONFIRM |
| adobe — after_effects | Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | 2020-06-26 | not yet calculated | CVE-2020-3809 CONFIRM |
| adobe — after_effects | Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9637 CONFIRM |
| adobe — after_effects | Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9638 CONFIRM |
| adobe — after_effects | Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9662 CONFIRM |
| adobe — audition | Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9658 CONFIRM |
| adobe — audition | Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9618 CONFIRM |
| adobe — audition | Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9659 CONFIRM |
| adobe — bridge | Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9566 CONFIRM |
| adobe — bridge | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9560 CONFIRM |
| adobe — bridge | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9556 CONFIRM |
| adobe — bridge | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9559 CONFIRM |
| adobe — bridge | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9557 CONFIRM |
| adobe — bridge | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9558 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9562 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9565 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9564 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9563 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9561 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9553 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9554 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9555 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9568 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9569 CONFIRM |
| adobe — bridge |
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9567 CONFIRM |
| adobe — campaign_classic |
Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-9666 CONFIRM |
| adobe — character_animator | Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9586 CONFIRM |
| adobe — coldfusion_2016_and_2018 | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). | 2020-06-26 | not yet calculated | CVE-2020-3767 CONFIRM |
| adobe — coldfusion_2016_and_2018 |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | 2020-06-26 | not yet calculated | CVE-2020-3768 CONFIRM |
| adobe — coldfusion_2016_and_2018 |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. | 2020-06-26 | not yet calculated | CVE-2020-3796 CONFIRM |
| adobe — digital_editions | Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-3798 CONFIRM |
| adobe — dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9626 CONFIRM |
| adobe — dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9623 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9589 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9622 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9625 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9629 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9620 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9627 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9624 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9621 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9590 CONFIRM |
| adobe — dng_software_development_kit |
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9628 CONFIRM |
| adobe — illustrator | Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9640 CONFIRM |
| adobe — illustrator | Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9642 CONFIRM |
| adobe — illustrator | Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9639 CONFIRM |
| adobe — illustrator | Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9641 CONFIRM |
| adobe — illustrator |
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9573 CONFIRM |
| adobe — illustrator |
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9574 CONFIRM |
| adobe — illustrator |
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9575 CONFIRM |
| adobe — illustrator |
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9572 CONFIRM |
| adobe — illustrator |
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-26 | not yet calculated | CVE-2020-9570 CONFIRM |
| adobe — illustrator |
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9571 CONFIRM |
| adobe — magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9632 CONFIRM |
| adobe — magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9579 CONFIRM |
|
adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9631 CONFIRM |
| adobe — magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9576 CONFIRM |
| adobe — magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9585 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9581 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure . | 2020-06-26 | not yet calculated | CVE-2020-9577 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. | 2020-06-26 | not yet calculated | CVE-2020-9587 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9578 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9580 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9583 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. | 2020-06-26 | not yet calculated | CVE-2020-9630 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9584 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | 2020-06-26 | not yet calculated | CVE-2020-9588 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | 2020-06-26 | not yet calculated | CVE-2020-9591 CONFIRM |
| adobe — magento |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2020-9582 CONFIRM |
| adobe — premiere_pro | Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9653 CONFIRM |
| adobe — premiere_pro | Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9652 CONFIRM |
| adobe — premiere_pro | Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9654 CONFIRM |
| adobe — premiere_pro |
Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9616 CONFIRM |
| adobe — premiere_rush | Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9656 CONFIRM |
| adobe — premiere_rush | Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9657 CONFIRM |
| adobe — premiere_rush |
Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | not yet calculated | CVE-2020-9617 CONFIRM |
| adobe — premiere_rush |
Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-06-25 | not yet calculated | CVE-2020-9655 CONFIRM |
| apache — activemq_artemis |
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. | 2020-06-26 | not yet calculated | CVE-2020-10727 CONFIRM MISC |
| apache — spark |
In Apache Spark 2.4.5 and earlier, a standalone resource manager’s master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application’s resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc). | 2020-06-23 | not yet calculated | CVE-2020-9480 CONFIRM |
| apache — tomcat |
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. | 2020-06-26 | not yet calculated | CVE-2020-11996 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
| apache — traffic_server | Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | 2020-06-24 | not yet calculated | CVE-2020-9494 CONFIRM DEBIAN |
| apnswift — apnswift |
In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1. | 2020-06-22 | not yet calculated | CVE-2020-4068 MISC MISC MISC CONFIRM |
| argent — recoverymanager |
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. | 2020-06-25 | not yet calculated | CVE-2020-15302 MISC |
| artica — proxy_community_edition | Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | 2020-06-22 | not yet calculated | CVE-2020-13158 MISC |
| artica — proxy_community_edition | Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. | 2020-06-22 | not yet calculated | CVE-2020-13159 MISC MISC |
| atlassian — jira_server_and_data_center |
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | 2020-06-23 | not yet calculated | CVE-2019-20409 MISC |
| atlassian — jira_server_and_data_center |
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. | 2020-06-23 | not yet calculated | CVE-2020-4028 MISC |
| backbox — boolebox_secure_file_sharing_utility | BooleBox Secure File Sharing Utility (potentially all versions) allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. | 2020-06-24 | not yet calculated | CVE-2020-13248 MISC |
| backbox — boolebox_secure_file_sharing_utility | BooleBox Secure File Sharing Utility (potentially all versions) allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. | 2020-06-24 | not yet calculated | CVE-2020-13247 MISC |
| beaker — beaker |
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. | 2020-06-26 | not yet calculated | CVE-2013-7489 MISC MISC MISC |
| bitrix24 — bitrix24 |
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. | 2020-06-24 | not yet calculated | CVE-2020-13483 MISC |
| bitrix24 — bitrix24 |
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing ‘<meta name=”og:image” content=”‘ followed by an intranet URL. | 2020-06-24 | not yet calculated | CVE-2020-13484 MISC |
| blogcms — blogcms | pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. | 2020-06-24 | not yet calculated | CVE-2020-15014 MISC |
| bludit — bludit | Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | 2020-06-24 | not yet calculated | CVE-2020-15006 MISC |
| bludit — bludit | Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. | 2020-06-24 | not yet calculated | CVE-2020-15026 MISC |
| cae — compression_and_archive_extensions |
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading “..”. This allows an attacker to add or replace files system-wide. | 2020-06-23 | not yet calculated | CVE-2020-7668 MISC |
| cae — compression_and_archive_extensions |
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading “..”. This allows an attacker to add or replace files system-wide. | 2020-06-23 | not yet calculated | CVE-2020-7664 MISC |
| ceph — ceph |
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. | 2020-06-22 | not yet calculated | CVE-2020-10736 CONFIRM MISC |
| ceph — ceph_object_gateway | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. | 2020-06-26 | not yet calculated | CVE-2020-10753 CONFIRM |
| chocolate-doom — chocolate-doom_and_crispy_doom | The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn’t validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server’s stack. | 2020-06-22 | not yet calculated | CVE-2020-14983 MISC |
| crypto/authenc.c — crypto/authenc.c |
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm’s module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. | 2020-06-26 | not yet calculated | CVE-2020-10769 MISC MISC |
| dell — multiple_products |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim’s traffic to view or modify a victim’s data in transit. | 2020-06-23 | not yet calculated | CVE-2020-5367 CONFIRM |
| dell — multiple_products |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. | 2020-06-23 | not yet calculated | CVE-2020-5345 CONFIRM |
| django-basic-auth-ip-whitelist — django-basic-auth-ip-whitelist |
In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website’s server is located. Sites protected by IP address whitelisting only are unaffected by this vulnerability. This vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package. A workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings. | 2020-06-24 | not yet calculated | CVE-2020-4071 CONFIRM MISC |
| docker — docker_desktop |
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | 2020-06-27 | not yet calculated | CVE-2020-15360 MISC MISC |
| draytek — multiple_devices | Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. | 2020-06-24 | not yet calculated | CVE-2020-14473 CONFIRM |
| draytek — multiple_devices | DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 is affected by a remote code injection/execution vulnerability. | 2020-06-24 | not yet calculated | CVE-2020-14472 CONFIRM |
| draytek — multiple_devices |
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. | 2020-06-23 | not yet calculated | CVE-2020-14993 MISC MISC CONFIRM |
| f-secure — safe | An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | 2020-06-23 | not yet calculated | CVE-2020-14978 MISC MISC MISC |
| f-secure — safe |
An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | 2020-06-23 | not yet calculated | CVE-2020-14977 MISC MISC MISC |
| freedroid — freedroidrpg | An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. | 2020-06-23 | not yet calculated | CVE-2020-14938 MISC MISC |
| freedroid — freedroidrpg | An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game’s state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. | 2020-06-23 | not yet calculated | CVE-2020-14939 MISC MISC |
| freerdp — freerdp | In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-11096 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-4032 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-4033 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-11095 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-11098 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-11099 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-4031 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-11097 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. | 2020-06-22 | not yet calculated | CVE-2020-4030 MISC MISC CONFIRM |
| generator-jhipster-kotlin — generator-jhipster-kotlin |
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0. | 2020-06-25 | not yet calculated | CVE-2020-4072 MISC CONFIRM MISC MISC |
| gitlab — gitlab-vscode-extension |
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | 2020-06-22 | not yet calculated | CVE-2020-13279 CONFIRM MISC |
| gleamtech — fileultimate | The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. | 2020-06-24 | not yet calculated | CVE-2020-15015 MISC |
| global_radar — bsa_radar | downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files. | 2020-06-22 | not yet calculated | CVE-2020-14946 MISC MISC |
| global_radar — bsa_radar |
A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data. | 2020-06-22 | not yet calculated | CVE-2020-14945 MISC MISC |
| global_radar — bsa_radar |
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. | 2020-06-22 | not yet calculated | CVE-2020-14944 MISC MISC |
| gns3 — ubridge | GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context. | 2020-06-23 | not yet calculated | CVE-2020-14976 MISC MISC MISC MISC |
| gnu — mailman | GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | 2020-06-24 | not yet calculated | CVE-2020-15011 MISC |
| google — cloud_platform |
A vulnerability in Google Cloud Platform’s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role “roles/compute.osLogin” to escalate privileges to root. Using their membership to the “adm” group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the “adm” user from the OS Login entry. | 2020-06-22 | not yet calculated | CVE-2020-8903 MISC CONFIRM MISC |
| google — cloud_platform |
A vulnerability in Google Cloud Platform’s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role “roles/compute.osLogin” to escalate privileges to root. Using the membership to the “lxd” group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the “lxd” user from the OS Login entry. | 2020-06-22 | not yet calculated | CVE-2020-8933 MISC CONFIRM MISC |
| google — cloud_platform |
A vulnerability in Google Cloud Platform’s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role “roles/compute.osLogin” to escalate privileges to root. Using their membership to the “docker” group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the “docker” user from the OS Login entry. | 2020-06-22 | not yet calculated | CVE-2020-8907 MISC CONFIRM MISC |
| hcl — notes | HCL Notes is vulnerable to an information leakage vulnerability through its support for the ‘mailto’ protocol. This vulnerability could result in files from the user’s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected. | 2020-06-26 | not yet calculated | CVE-2020-4089 CONFIRM |
| honeywell — controledge_plc_and_rtu | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | 2020-06-26 | not yet calculated | CVE-2020-10628 MISC |
| honeywell — controledge_plc_and_rtu | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | 2020-06-26 | not yet calculated | CVE-2020-10624 MISC |
| ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | 2020-06-26 | not yet calculated | CVE-2019-4650 XF CONFIRM |
| ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. | 2020-06-26 | not yet calculated | CVE-2020-4223 XF CONFIRM |
| ibm — security_guardium |
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807. | 2020-06-23 | not yet calculated | CVE-2020-4188 XF CONFIRM |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | 2020-06-26 | not yet calculated | CVE-2020-4565 XF CONFIRM |
| id_software — id_tech_1 | A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument. | 2020-06-24 | not yet calculated | CVE-2020-15007 MISC MISC |
| idrive — idrive |
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITYAuthenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITYSYSTEM by substituting the service’s binary with a malicious one. | 2020-06-26 | not yet calculated | CVE-2020-15351 MISC MISC |
| iobit — advanced_systemcare_free |
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. | 2020-06-22 | not yet calculated | CVE-2020-14990 MISC MISC |
| iobit — unlocker | The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. | 2020-06-23 | not yet calculated | CVE-2020-14974 MISC MISC |
| iobit — unlocker | The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. | 2020-06-23 | not yet calculated | CVE-2020-14975 MISC MISC |
| jiangmin — jiangmin_antivirus |
In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. | 2020-06-26 | not yet calculated | CVE-2020-14955 MISC |
| johnson_controls — exacqvision | A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. | 2020-06-26 | not yet calculated | CVE-2020-9047 CONFIRM CERT |
| jsrsasign — jsrsasign |
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending ‘�’ bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues. | 2020-06-22 | not yet calculated | CVE-2020-14967 MISC MISC MISC MISC MISC |
| jsrsasign — jsrsasign |
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending ‘�’ bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues. | 2020-06-22 | not yet calculated | CVE-2020-14968 MISC MISC MISC MISC MISC |
| jsrsasign — jsrsasign |
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and ‘0’ characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature. | 2020-06-22 | not yet calculated | CVE-2020-14966 MISC MISC MISC MISC MISC |
| kordil — kordil_edms | documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | 2020-06-22 | not yet calculated | CVE-2020-13887 MISC MISC |
| limdu — limdu | In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95. | 2020-06-22 | not yet calculated | CVE-2020-4066 CONFIRM |
| mattermost — mattermost_mobile_apps |
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | 2020-06-26 | not yet calculated | CVE-2020-13891 CONFIRM |
| mediawiki — mediawiki | In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. | 2020-06-24 | not yet calculated | CVE-2020-15005 CONFIRM CONFIRM CONFIRM CONFIRM MISC |
| misp — misp |
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | 2020-06-22 | not yet calculated | CVE-2020-14969 MISC |
| mitsubishi_electric — multiple_central_processing_units |
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | 2020-06-23 | not yet calculated | CVE-2020-5594 MISC MISC MISC |
| mobile_industrial_robots — mir100_and_mir200_robots |
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000. | 2020-06-24 | not yet calculated | CVE-2020-10269 CONFIRM |
| mobile_industrial_robots — mir100_and_mir200_robots |
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it’s possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. | 2020-06-24 | not yet calculated | CVE-2020-10270 CONFIRM |
| mobile_industrial_robots — multiple_controllers |
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. | 2020-06-24 | not yet calculated | CVE-2020-10279 CONFIRM |
| mobile_industrial_robots — multiple_controllers |
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data. | 2020-06-24 | not yet calculated | CVE-2020-10273 CONFIRM |
| mobile_industrial_robots — multiple_robots | The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. | 2020-06-24 | not yet calculated | CVE-2020-10280 CONFIRM |
| mobile_industrial_robots — multiple_robots | There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. | 2020-06-24 | not yet calculated | CVE-2020-10277 CONFIRM |
| mobile_industrial_robots — multiple_robots | The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data. | 2020-06-24 | not yet calculated | CVE-2020-10275 CONFIRM |
| mobile_industrial_robots — multiple_robots |
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device. | 2020-06-24 | not yet calculated | CVE-2020-10276 CONFIRM |
| mobile_industrial_robots — multiple_robots |
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR’s operations are centered around the framework (ROS). | 2020-06-24 | not yet calculated | CVE-2020-10271 CONFIRM |
| mobile_industrial_robots — multiple_robots |
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. | 2020-06-24 | not yet calculated | CVE-2020-10272 CONFIRM |
| mobile_industrial_robots — multiple_robots |
The BIOS onboard MiR’s Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image. | 2020-06-24 | not yet calculated | CVE-2020-10278 CONFIRM |
| mobile_industrial_robots — multiple_robots |
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot’s database. | 2020-06-24 | not yet calculated | CVE-2020-10274 CONFIRM |
| naviwebs — navigate_cms |
An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS. | 2020-06-24 | not yet calculated | CVE-2020-14014 MISC |
| naviwebs — navigate_cms |
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users. | 2020-06-24 | not yet calculated | CVE-2020-14016 MISC |
| naviwebs — navigate_cms |
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id). | 2020-06-24 | not yet calculated | CVE-2020-14015 MISC |
| naviwebs — navigate_cms |
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session. | 2020-06-24 | not yet calculated | CVE-2020-14017 MISC |
| naviwebs — navigate_cms |
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. | 2020-06-24 | not yet calculated | CVE-2020-14018 MISC |
| nedi_consulting — nedi | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. | 2020-06-26 | not yet calculated | CVE-2020-15016 MISC |
| nedi_consulting — nedi | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | 2020-06-26 | not yet calculated | CVE-2020-15017 MISC |
| net-snmp — net-snmp |
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. | 2020-06-25 | not yet calculated | CVE-2019-20892 MLIST MISC MISC MISC MISC |
| network_time_foundation — network_time_protocol | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | 2020-06-24 | not yet calculated | CVE-2020-15025 MISC MISC MISC |
| node-traceroute — node-traceroute |
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. | 2020-06-25 | not yet calculated | CVE-2018-21268 MISC MISC MISC MISC MISC MISC MISC MISC |
| nvidia — windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-5964 CONFIRM |
| nvidia — windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service. | 2020-06-25 | not yet calculated | CVE-2020-5965 CONFIRM |
| nvidia — windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges. | 2020-06-25 | not yet calculated | CVE-2020-5966 CONFIRM |
| nvidia — windows_gpu_display_driver | NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. | 2020-06-25 | not yet calculated | CVE-2020-5967 CONFIRM |
| nvidia — windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure. | 2020-06-25 | not yet calculated | CVE-2020-5963 CONFIRM |
| nvidia — windows_gpu_display_driver |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | 2020-06-24 | not yet calculated | CVE-2020-5962 CONFIRM |
| openfind — mailgates |
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | 2020-06-23 | not yet calculated | CVE-2020-12782 CONFIRM |
| osisoft — pi_web_api_2019 |
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | 2020-06-23 | not yet calculated | CVE-2020-12021 MISC |
| packet_tide — expressengine |
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least). | 2020-06-24 | not yet calculated | CVE-2020-13443 MISC MISC |
| philips — multiple_products |
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. | 2020-06-26 | not yet calculated | CVE-2020-14477 MISC |
| php-fusion — php-fusion | PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. | 2020-06-24 | not yet calculated | CVE-2020-15041 MISC |
| pi-hole — pi-hole |
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. | 2020-06-23 | not yet calculated | CVE-2020-14971 MISC CONFIRM CONFIRM CONFIRM |
| pillow — pillow | Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c. | 2020-06-25 | not yet calculated | CVE-2020-10177 MISC MISC MISC MISC MISC |
| pillow — pillow |
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c. | 2020-06-25 | not yet calculated | CVE-2020-10379 MISC MISC MISC MISC MISC |
| pillow — pillow |
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | 2020-06-25 | not yet calculated | CVE-2020-11538 MISC MISC MISC MISC |
| pillow — pillow |
In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multiple out-of-bounds reads via a crafted JP2 file. | 2020-06-25 | not yet calculated | CVE-2020-10994 MISC MISC MISC MISC MISC |
| pillow — pillow |
In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | 2020-06-25 | not yet calculated | CVE-2020-10378 MISC MISC MISC MISC MISC |
| playsms — playsms | playSMS through 1.4.3 is vulnerable to session fixation. | 2020-06-24 | not yet calculated | CVE-2020-15018 MISC |
| portland_labs — concrete5 |
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | 2020-06-22 | not yet calculated | CVE-2020-14961 MISC MISC |
| rakuten — viber_for_windows |
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569. | 2020-06-22 | not yet calculated | CVE-2020-14049 MISC MISC |
| rapid7 — metasploit_pro |
Cross-site Scripting (XSS) vulnerability in the ‘notes’ field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated ‘host’ field of a discovered scan asset. | 2020-06-25 | not yet calculated | CVE-2020-7355 MISC CONFIRM |
| rapid7 — metasploit_pro |
Cross-site Scripting (XSS) vulnerability in the ‘host’ field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated ‘notes’ field of a discovered scan asset. | 2020-06-25 | not yet calculated | CVE-2020-7354 MISC CONFIRM |
| red_hat — cloudforms_management_engine |
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root. | 2020-06-22 | not yet calculated | CVE-2019-14894 CONFIRM |
| red_hat — jboss_keycloak | A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients. | 2020-06-22 | not yet calculated | CVE-2020-1727 CONFIRM |
| red_hat — wildfly |
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly. | 2020-06-22 | not yet calculated | CVE-2020-10740 CONFIRM |
| rockwell_automation — factorytalk_services_platform | In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. | 2020-06-23 | not yet calculated | CVE-2020-12033 MISC |
| sane — backends | A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | 2020-06-24 | not yet calculated | CVE-2020-12865 CONFIRM MISC |
| sane — backends |
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. | 2020-06-24 | not yet calculated | CVE-2020-12864 CONFIRM MISC |
| sane — backends |
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. | 2020-06-24 | not yet calculated | CVE-2020-12866 CONFIRM MISC |
| sane — backends |
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. | 2020-06-24 | not yet calculated | CVE-2020-12863 CONFIRM MISC |
| sane — backends |
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | 2020-06-24 | not yet calculated | CVE-2020-12861 CONFIRM MISC |
| sane — backends |
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | 2020-06-24 | not yet calculated | CVE-2020-12862 CONFIRM MISC |
| sas_institute — go-rpmutils |
The CPIO extraction functionality doesn’t sanitize the paths of the archived files for leading and non-leading “..” which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released. | 2020-06-24 | not yet calculated | CVE-2020-7667 CONFIRM CONFIRM |
| secureauth — secureauth_idp | SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. | 2020-06-25 | not yet calculated | CVE-2020-9437 MISC MISC MISC |
| semtech — lora_basics_station | In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4. | 2020-06-22 | not yet calculated | CVE-2020-4060 CONFIRM |
| semtech — loramac-node | In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4. | 2020-06-23 | not yet calculated | CVE-2020-11068 MISC CONFIRM |
| shenzhen_tenda _technology — pa6_wi-fi_powerline_extender | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the “homeplugd” process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. | 2020-06-25 | not yet calculated | CVE-2019-19506 MISC |
| shenzhen_tenda _technology — pa6_wi-fi_powerline_extender | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the “Wireless” section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | 2020-06-25 | not yet calculated | CVE-2019-19505 MISC |
| shenzhen_tenda _technology — pa6_wi-fi_powerline_extender | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. | 2020-06-25 | not yet calculated | CVE-2019-16213 MISC |
| solarwinds — orion | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | 2020-06-24 | not yet calculated | CVE-2020-14005 MISC |
| solarwinds — orion | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. | 2020-06-24 | not yet calculated | CVE-2020-14006 MISC |
| solarwinds — orion | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. | 2020-06-24 | not yet calculated | CVE-2020-14007 MISC |
| sqlite — sqlite |
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | 2020-06-27 | not yet calculated | CVE-2020-15358 MISC MISC MISC |
| stash — stash | Stash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter. | 2020-06-26 | not yet calculated | CVE-2020-15311 MISC |
| supermicro — x10drh-it_motherboards | The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. | 2020-06-24 | not yet calculated | CVE-2020-15046 MISC |
| support_incident_tracker_project — sit! | Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter. | 2020-06-26 | not yet calculated | CVE-2020-15308 MISC |
| taxguitar — taxguitar | An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files. | 2020-06-23 | not yet calculated | CVE-2020-14940 MISC MISC |
| tinxy — door_lock_devices | Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled. | 2020-06-23 | not yet calculated | CVE-2020-9438 MISC |
| tp-link — tl-wr740n_and_tl-wr740nd_devices |
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. | 2020-06-23 | not yet calculated | CVE-2020-14965 MISC |
| trojita_project — trojita | MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. | 2020-06-25 | not yet calculated | CVE-2020-15047 MISC MISC |
| unisys — stealth |
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | 2020-06-22 | not yet calculated | CVE-2020-12053 CONFIRM |
| verint — workforce_optimization |
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the “send email” feature. | 2020-06-22 | not yet calculated | CVE-2020-13480 MISC MISC MISC |
| vipre — password_vault_app | The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. | 2020-06-22 | not yet calculated | CVE-2020-14981 MISC |
| winmagic — securedoc | The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \.SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution. | 2020-06-22 | not yet calculated | CVE-2020-11519 CONFIRM |
| winmagic — securedoc |
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution. | 2020-06-22 | not yet calculated | CVE-2020-11520 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor’s memory. Additional conditions beyond the attacker’s control need to be present for exploitation to be possible. | 2020-06-25 | not yet calculated | CVE-2020-3964 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible. | 2020-06-25 | not yet calculated | CVE-2020-3966 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible. | 2020-06-25 | not yet calculated | CVE-2020-3967 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine’s vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible. | 2020-06-25 | not yet calculated | CVE-2020-3968 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible. | 2020-06-24 | not yet calculated | CVE-2020-3969 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine’s vmx process leading to a partial denial of service condition. | 2020-06-25 | not yet calculated | CVE-2020-3970 CONFIRM |
| wmware — esxi_and_workstation_and_fusion | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | 2020-06-25 | not yet calculated | CVE-2020-3965 CONFIRM |
| wmware — esxi_and_workstation_and_fusion |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. | 2020-06-25 | not yet calculated | CVE-2020-3971 CONFIRM |
| wmware — esxi_and_workstation_and_fusion |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. | 2020-06-25 | not yet calculated | CVE-2020-3963 CONFIRM |
| wmware — esxi_and_workstation_and_fusion |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. | 2020-06-24 | not yet calculated | CVE-2020-3962 CONFIRM |
| wolfssl — wolfssl | The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a “projective coordinates leak.” | 2020-06-25 | not yet calculated | CVE-2020-11735 CONFIRM CONFIRM |
| wordpress — wordpress | The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. | 2020-06-24 | not yet calculated | CVE-2020-15038 MISC MISC MISC MISC |
| wordpress — wordpress |
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. | 2020-06-24 | not yet calculated | CVE-2020-13700 MISC MISC MISC |
| world_wide_web_consortium — css_validator |
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9. | 2020-06-22 | not yet calculated | CVE-2020-4070 MISC CONFIRM |
| xiaomi — mi_jia_printer |
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities. | 2020-06-24 | not yet calculated | CVE-2020-10561 CONFIRM |
| xiaomi — r3600_rom_router | An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. | 2020-06-24 | not yet calculated | CVE-2020-11959 CONFIRM |
| xiaomi — r3600_rom_router |
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS | 2020-06-24 | not yet calculated | CVE-2020-11960 CONFIRM |
| xiaomi — r3600_rom_router |
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication | 2020-06-24 | not yet calculated | CVE-2020-11961 CONFIRM |
| xiaomi — r3600_rom_router |
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. | 2020-06-24 | not yet calculated | CVE-2020-14094 CONFIRM |
| xiaomi — r3600_rom_router |
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. | 2020-06-24 | not yet calculated | CVE-2020-14095 CONFIRM |
| zte — u31r20_device |
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115 | 2020-06-24 | not yet calculated | CVE-2020-6870 CONFIRM |
| zyxel — cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | 2020-06-26 | not yet calculated | CVE-2020-15348 MISC MISC |
| zyxel — cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | 2020-06-26 | not yet calculated | CVE-2020-15336 MISC MISC |
| zyxel — cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | 2020-06-26 | not yet calculated | CVE-2020-15335 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.