Original release date: May 25, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amd — overdrive |
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-05-18 | 7.5 | CVE-2019-7247 MISC |
| centreon — centreon |
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | 2020-05-21 | 9 | CVE-2020-13252 MISC MISC MISC MISC |
| cherokee_project — cherokee |
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many “Host: 127.0.0.1” headers. | 2020-05-18 | 7.5 | CVE-2019-20800 MISC MISC |
| covidsafe — covidsafe |
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used. | 2020-05-18 | 7.5 | CVE-2020-12856 MISC MISC MISC |
| d-link — dap-1360_devices | An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. | 2020-05-15 | 10 | CVE-2019-18666 MISC MISC MISC |
| druva — insync_windows_client |
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | 2020-05-21 | 7.2 | CVE-2020-5752 MISC MISC |
| eq-3 — homematic_ccu2_and_ccu3_devices |
eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). | 2020-05-15 | 7.5 | CVE-2020-12834 MISC |
| facebook — proxygen |
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. | 2020-05-18 | 7.5 | CVE-2020-1897 CONFIRM |
| freerdp — freerdp |
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | 2020-05-15 | 7.5 | CVE-2020-11521 MISC CONFIRM CONFIRM |
| ivanti — workspace_control |
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | 2020-05-18 | 7.2 | CVE-2019-17066 CONFIRM |
| logkitty — logkitty |
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | 2020-05-15 | 7.5 | CVE-2020-8149 MISC |
| mariadb — connector/c | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a client. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | 2020-05-20 | 7.5 | CVE-2020-13249 MISC MISC |
| microsoft — multiple_products |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. | 2020-05-21 | 7.5 | CVE-2020-0901 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1010, CVE-2020-1068. | 2020-05-21 | 7.2 | CVE-2020-1079 MISC |
| microsoft — multiple_windows_products | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175. | 2020-05-21 | 9.3 | CVE-2020-1176 MISC |
| microsoft — multiple_windows_products |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176. | 2020-05-21 | 9.3 | CVE-2020-1174 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079. | 2020-05-21 | 7.2 | CVE-2020-1010 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1010, CVE-2020-1079. | 2020-05-21 | 7.2 | CVE-2020-1068 MISC |
| microsoft — multiple_windows_products |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176. | 2020-05-21 | 9.3 | CVE-2020-1175 MISC |
| microsoft — multiple_windows_products |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176. | 2020-05-21 | 9.3 | CVE-2020-1051 MISC |
| microweber — microweber |
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | 2020-05-20 | 7.2 | CVE-2020-13241 MISC |
| mikrotik — mikrotik-router-monitoring-system | An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. | 2020-05-16 | 7.5 | CVE-2020-13118 MISC MISC |
| misp_project — misp_maltego | MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. | 2020-05-15 | 7.5 | CVE-2020-12889 MISC |
| mylittleteels — mylittleadmin |
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers’ installations) in web.config, and can be used to send serialized ASP code. | 2020-05-19 | 7.5 | CVE-2020-13166 MISC MISC |
| netgear — multiple_products |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. | 2020-05-18 | 8.3 | CVE-2020-11549 MISC MISC MISC |
| netsweeper — netsweeper |
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. | 2020-05-19 | 7.5 | CVE-2020-13167 MISC |
| nintendo — nintendo_64_devices |
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. | 2020-05-16 | 7.5 | CVE-2020-13109 MISC MISC |
| oblac — jodd |
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. | 2020-05-21 | 7.5 | CVE-2018-21234 MISC MISC MISC |
| panasonic — multiple_devices | Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at “End-of-software-support.” | 2020-05-20 | 7.5 | CVE-2020-11716 CONFIRM |
| panasonic — p99_devices |
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at “End-of-software-support.” | 2020-05-19 | 7.5 | CVE-2020-11715 CONFIRM |
| panasonic — video_insight |
Video Insight VMS 7.5 and earlier allows remote attackers to conduct code injection attacks via unspecified vectors. | 2020-05-20 | 7.5 | CVE-2019-5997 MISC MISC |
| raonwiz — k_upload |
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it. | 2020-05-21 | 7.5 | CVE-2020-7808 CONFIRM |
| smartbear — readyapi_soapui_pro |
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component. | 2020-05-20 | 7.5 | CVE-2020-12835 MISC FULLDISC MISC MISC |
| stashcat — stashcat |
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs. | 2020-05-18 | 9 | CVE-2020-13129 MISC MISC |
| tibco_software — multiple_jproducts | The administrative UI component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server “superuser” for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. | 2020-05-20 | 10 | CVE-2020-9409 CONFIRM |
| vandyke — securecrt |
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | 2020-05-15 | 10 | CVE-2020-12651 MISC MISC CONFIRM MISC |
| wso2 — api_manager |
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node’s entire intranet. | 2020-05-20 | 7.5 | CVE-2020-13226 MISC MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amd — ati_diagnostics_hardware_sys/overclocking_utility |
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-05-18 | 4.6 | CVE-2019-7246 MISC |
| apache — couchdb |
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue. | 2020-05-20 | 6.8 | CVE-2020-1955 MISC |
| apache — tomcat |
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=”null” (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. | 2020-05-20 | 6.8 | CVE-2020-9484 SUSE MLIST MISC MLIST MLIST |
| apt — apt |
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | 2020-05-15 | 4.3 | CVE-2020-3810 MISC MISC MISC MISC MISC |
| bitdefender — bitdefender_engines | Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. | 2020-05-15 | 5 | CVE-2020-8100 MISC |
| bluetooth — bluetooth_core_specification | Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. | 2020-05-19 | 4.8 | CVE-2020-10135 MISC CERT-VN CONFIRM |
| bluetooth — core |
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened. | 2020-05-19 | 4.3 | CVE-2020-10134 CERT-VN CONFIRM |
| cacti — cacti |
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | 2020-05-20 | 4 | CVE-2020-13230 MISC MISC |
| cacti — cacti |
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 2020-05-20 | 4.3 | CVE-2020-13231 MISC MISC |
| cellebrite — ufed |
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | 2020-05-15 | 4.6 | CVE-2020-12798 MISC MISC MISC MISC MISC |
| cherokee_project — cherokee |
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server. | 2020-05-18 | 5 | CVE-2019-20799 MISC MISC MISC MISC MISC |
| cherokee_project — cherokee |
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. | 2020-05-18 | 6 | CVE-2019-20798 MISC MISC |
| covidsafe — covidsafe |
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. | 2020-05-18 | 5 | CVE-2020-12858 MISC MISC |
| covidsafe — covidsafe |
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. | 2020-05-18 | 5 | CVE-2020-12857 MISC MISC MISC |
| covidsafe — covidsafe |
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner’s name. | 2020-05-18 | 5 | CVE-2020-12860 MISC MISC |
| covidsafe — covidsafe |
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations. | 2020-05-18 | 5 | CVE-2020-12859 MISC MISC |
| d-link — dsp-w215_devices | D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | 2020-05-18 | 5 | CVE-2020-13136 MISC |
| dell — isilon |
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. | 2020-05-20 | 5 | CVE-2020-5365 MISC |
| dell — isilon_onefs | Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. | 2020-05-20 | 5 | CVE-2020-5364 MISC |
| digi — xbee_2_devices |
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | 2020-05-21 | 5.5 | CVE-2017-18868 MISC |
| dolibarr — dolibarr |
The DMS/ECM module in Dolibarr 11.0.4 allows users with the ‘Setup documents directories’ permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | 2020-05-20 | 5.5 | CVE-2020-13240 MISC |
| dovecot — dovecot |
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. | 2020-05-18 | 5 | CVE-2020-10957 MISC FULLDISC MLIST MISC FEDORA UBUNTU DEBIAN CONFIRM |
| dovecot — dovecot |
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. | 2020-05-18 | 5 | CVE-2020-10958 MISC FULLDISC MLIST MISC FEDORA UBUNTU DEBIAN CONFIRM |
| dovecot — dovecot |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | 2020-05-18 | 5 | CVE-2020-10967 MISC FULLDISC MLIST MISC FEDORA UBUNTU DEBIAN CONFIRM |
| dpdk — dpdk |
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. | 2020-05-19 | 4.6 | CVE-2020-10723 SUSE MISC CONFIRM UBUNTU MISC |
| dpdk — dpdk |
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | 2020-05-19 | 4.6 | CVE-2020-10722 SUSE MISC CONFIRM UBUNTU MISC |
| dpdk — dpdk |
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. | 2020-05-20 | 4 | CVE-2020-10725 SUSE MISC CONFIRM MISC |
| e6y — prboom-plus |
An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c. | 2020-05-18 | 5 | CVE-2019-20797 MISC MISC MISC |
| edx — open_edx_ironwood |
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the “Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code” screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | 2020-05-18 | 6.5 | CVE-2020-13144 MISC MISC MISC |
| edx — open_edx_ironwood |
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the “Course>Data Downloads>Reports>Download profile info” feature. | 2020-05-18 | 6.8 | CVE-2020-13146 MISC |
| em-imap — em-imap |
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | 2020-05-19 | 5.8 | CVE-2020-13163 MISC |
| estsoft — alsong |
ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file. | 2020-05-15 | 4.3 | CVE-2020-7809 MISC MISC |
| freerdp — freerdp | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. | 2020-05-15 | 6.4 | CVE-2020-11525 MISC CONFIRM CONFIRM CONFIRM |
| gilacms — gila_cms | Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. | 2020-05-21 | 4.3 | CVE-2019-20803 MISC |
| gilacms — gila_cms | Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. | 2020-05-21 | 6.8 | CVE-2019-20804 MISC |
| gitea — gitea |
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository’s ownership from one organization to another. | 2020-05-20 | 5 | CVE-2020-13246 MISC MISC MISC |
| google — chrome | Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 2020-05-21 | 4.3 | CVE-2020-6476 MISC MISC |
| google — chrome | Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6478 MISC MISC |
| google — chrome | Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6483 MISC MISC |
| google — chrome | Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6479 MISC MISC |
| google — chrome | Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6487 MISC MISC |
| google — chrome | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-05-21 | 6.8 | CVE-2020-6471 MISC MISC |
| google — chrome | Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | 2020-05-21 | 6.8 | CVE-2020-6477 MISC MISC |
| google — chrome | Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6489 MISC MISC |
| google — chrome | Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6488 MISC MISC |
| google — chrome |
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 2020-05-21 | 4.3 | CVE-2020-6482 MISC MISC |
| google — chrome |
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. | 2020-05-21 | 4.3 | CVE-2020-6484 MISC MISC |
| google — chrome |
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6485 MISC MISC |
| google — chrome |
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6486 MISC MISC |
| google — chrome |
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6490 MISC MISC |
| google — chrome |
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6457 MISC MISC |
| google — chrome |
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. | 2020-05-21 | 4.3 | CVE-2020-6491 MISC MISC |
| google — chrome |
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6459 MISC MISC |
| google — chrome |
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6474 MISC MISC |
| google — chrome |
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2020-05-21 | 6.8 | CVE-2020-6469 MISC MISC |
| google — chrome |
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6467 MISC MISC |
| google — chrome |
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6466 MISC MISC |
| google — chrome |
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6465 MISC MISC |
| google — chrome |
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6473 MISC MISC |
| google — chrome |
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. | 2020-05-21 | 4.3 | CVE-2020-6460 MISC MISC |
| google — chrome |
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. | 2020-05-21 | 4.3 | CVE-2020-6472 MISC MISC |
| google — chrome |
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. | 2020-05-21 | 4.3 | CVE-2020-6470 MISC MISC |
| google — chrome |
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6464 SUSE MISC MISC |
| google — chrome |
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2020-05-21 | 4.3 | CVE-2020-6475 MISC MISC |
| google — chrome |
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name. | 2020-05-21 | 4.3 | CVE-2020-6481 MISC MISC |
| google — chrome |
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6468 MISC MISC |
| google — chrome |
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2020-05-21 | 6.8 | CVE-2020-6458 MISC MISC |
| google — chrome |
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6461 MISC MISC |
| google — chrome |
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6462 MISC MISC |
| google — chrome |
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-05-21 | 6.8 | CVE-2020-6463 MISC MISC |
| gwtupload — gwtupload |
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server’s threads to sleep, leading to denial of service. | 2020-05-18 | 5 | CVE-2020-13128 MISC MISC |
| hive_solutions — netius |
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks. | 2020-05-21 | 4.3 | CVE-2020-7655 MISC |
| horde — gollem |
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL. | 2020-05-18 | 4.3 | CVE-2020-8034 CONFIRM MISC MISC CONFIRM |
| horde — groupware_webmail_edition | The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL. | 2020-05-18 | 4.3 | CVE-2020-8035 CONFIRM CONFIRM |
| hp — nimble_storage |
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100 | 2020-05-19 | 6.5 | CVE-2020-7138 MISC |
| hp — nimbleos |
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100 | 2020-05-19 | 5.5 | CVE-2020-7139 MISC |
| hp — superdome_flex_server |
A validation issue in HPE Superdome Flex’s RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. | 2020-05-19 | 4.6 | CVE-2020-7137 MISC |
| httplib2 — httplib2 |
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. | 2020-05-20 | 4.3 | CVE-2020-11078 MISC CONFIRM MLIST |
| huawei — e6878-370_devices |
E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution. | 2020-05-21 | 5.4 | CVE-2020-1799 MISC |
| huawei — multiple_smartphones |
Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 with Versions earlier than 10.0.0.179(C636E3R4P3),Versions earlier than 10.0.0.180(C185E3R3P3),Versions earlier than 10.0.0.180(C432E10R3P4),Versions earlier than 10.0.0.188(C00E62R2P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.187(C00E60R4P11);Versions earlier than 10.0.0.176(C00E60R2P11) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. | 2020-05-15 | 5.8 | CVE-2020-1808 MISC |
| ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. | 2020-05-19 | 4.3 | CVE-2020-4286 XF CONFIRM |
| ibm — security_access_manager_appliance |
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. | 2020-05-20 | 4 | CVE-2020-4461 XF CONFIRM |
| ibm — spectrum_scale | The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. | 2020-05-19 | 4.9 | CVE-2020-4411 XF CONFIRM |
| ibm — spectrum_scale |
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987. | 2020-05-19 | 5 | CVE-2020-4412 XF CONFIRM |
| ifax_solutions — avantfax_and_hylafax_enterprise_web_interface | sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. | 2020-05-19 | 6.5 | CVE-2020-11766 CONFIRM |
| intel — cloud_hypervisor |
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | 2020-05-19 | 4.6 | CVE-2020-2025 CONFIRM |
| intelliants — subrion_cms |
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user’s browser without proper output encoding. | 2020-05-15 | 4.3 | CVE-2019-20389 MISC |
| intelliants — subrion_cms |
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim’s knowledge, by enticing an authenticated user to visit an attacker’s web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. | 2020-05-15 | 5.8 | CVE-2019-20390 MISC |
| interchange — interchange |
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | 2020-05-15 | 4.3 | CVE-2020-12685 MISC CONFIRM |
| internet_systems_consortium — bind |
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | 2020-05-19 | 5 | CVE-2020-8617 MLIST CONFIRM CONFIRM DEBIAN |
| internet_systems_consortium — bind |
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. | 2020-05-19 | 5 | CVE-2020-8616 MISC MLIST CONFIRM CONFIRM DEBIAN |
| jquery — jquery |
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove “<script>” HTML tags that contain a whitespace character, i.e: “</script >”, which results in the enclosed script logic to be executed. | 2020-05-19 | 4.3 | CVE-2020-7656 MISC |
| kde — amarok |
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service. | 2020-05-20 | 4.3 | CVE-2020-13152 MISC |
| knot-resolver — knot-resolver |
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an “NXNSAttack” issue. This is triggered by random subdomains in the NSDNAME in NS records. | 2020-05-19 | 5 | CVE-2020-12667 MISC MLIST MISC CONFIRM |
| libexif — libexif |
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | 2020-05-21 | 6.4 | CVE-2020-13112 MISC |
| libexif — libexif |
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | 2020-05-21 | 5 | CVE-2020-13113 MISC |
| libexif — libexif |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | 2020-05-21 | 4.3 | CVE-2020-13114 MISC |
| libreoffice — libreoffice |
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice’s default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. | 2020-05-18 | 5 | CVE-2020-12801 MISC |
| linux — linux_kernel |
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal ‘�’ value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. | 2020-05-18 | 4.3 | CVE-2020-13143 MISC MISC |
| linux — linux_kernel |
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 2020-05-15 | 4.9 | CVE-2020-12888 MLIST FEDORA MISC MISC |
| micro_focus — service_manager |
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. | 2020-05-19 | 4.3 | CVE-2020-11845 MISC |
| microsoft — multiple_sharepoint_products |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. | 2020-05-21 | 4.3 | CVE-2020-1106 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | 4.6 | CVE-2020-1184 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | 4.6 | CVE-2020-1189 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | 4.6 | CVE-2020-1144 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191. | 2020-05-21 | 4.6 | CVE-2020-1190 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190. | 2020-05-21 | 4.6 | CVE-2020-1191 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | 4.6 | CVE-2020-1185 MISC |
| microstar_international — multiple_msi_gaming_laptops | Weak permissions on the “%PROGRAMDATA%MSIDragon Center” folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. | 2020-05-18 | 4.6 | CVE-2020-13149 MISC |
| misp_project — misp |
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | 2020-05-18 | 4.3 | CVE-2020-13153 MISC MISC |
| moodle — moodle |
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | 2020-05-21 | 6.5 | CVE-2020-10738 CONFIRM CONFIRM CONFIRM |
| naver — whale_browser_installer | Whale Browser Installer before 1.2.0.5 versions don’t support signature verification for Flash installer. | 2020-05-20 | 6.4 | CVE-2020-9753 CONFIRM |
| naviserver — naviserver |
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. | 2020-05-16 | 5 | CVE-2020-13111 MISC MISC |
| netgear — multiple_products |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. | 2020-05-18 | 5.8 | CVE-2020-11551 MISC MISC MISC |
| nitro_software — nitro_pro | An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file. | 2020-05-18 | 6.8 | CVE-2020-6092 MISC |
| nitro_software — nitro_pro |
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file. | 2020-05-18 | 4.3 | CVE-2020-6093 MISC |
| nitro_software — nitro_pro |
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2020-05-18 | 6.8 | CVE-2020-6074 MISC |
| nlnet_labs — unbound |
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 2020-05-19 | 5 | CVE-2020-12663 MLIST FEDORA CONFIRM |
| nlnet_labs — unbound |
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an “NXNSAttack” issue. This is triggered by random subdomains in the NSDNAME in NS records. | 2020-05-19 | 5 | CVE-2020-12662 MISC MLIST FEDORA CONFIRM |
| node.js — node.js |
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. | 2020-05-16 | 6.9 | CVE-2020-13110 MISC MISC MISC MISC |
| open_build_service — open_build_service |
a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | 2020-05-19 | 4.3 | CVE-2020-8021 CONFIRM |
| paid_memberships_pro — paid_memberships_pro | SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 2020-05-20 | 6.5 | CVE-2020-5579 MISC MISC |
| pcs — dexicon |
PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. | 2020-05-19 | 4.3 | CVE-2020-6956 MISC |
| php — php |
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. | 2020-05-20 | 5 | CVE-2019-11048 MISC MISC FEDORA FEDORA |
| powerdns — recursor |
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system’s hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have ‘�’ termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has ‘�’ termination.) Under some conditions, this issue can lead to the writing of one ‘�’ byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. | 2020-05-19 | 6.5 | CVE-2020-10030 SUSE CONFIRM |
| powerdns — recursor |
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | 2020-05-19 | 5 | CVE-2020-12244 SUSE MLIST CONFIRM DEBIAN |
| powerdns — recursor |
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. | 2020-05-19 | 5 | CVE-2020-10995 SUSE MISC CONFIRM |
| python — python | Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. | 2020-05-21 | 4.3 | CVE-2020-13258 MISC |
| rconfig — rconfig |
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. | 2020-05-18 | 6.4 | CVE-2020-12258 MISC |
| rconfig — rconfig |
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). | 2020-05-18 | 6.8 | CVE-2020-12257 MISC |
| rconfig — rconfig |
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. | 2020-05-18 | 6.5 | CVE-2020-12255 MISC |
| readdle — documents_app_for_ios |
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application’s file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user’s data) via cross-origin requests. | 2020-05-18 | 5 | CVE-2019-20801 MISC MISC |
| readdle — documents_app_for_ios |
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application’s file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user’s data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim’s device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker. | 2020-05-18 | 4.3 | CVE-2019-20802 MISC MISC |
| red_hat — ansible_engine_and_ansible_tower |
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. | 2020-05-15 | 4.4 | CVE-2020-10744 CONFIRM |
| red_hat — jboss_keycloak |
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. | 2020-05-15 | 4.3 | CVE-2020-1758 CONFIRM MISC |
| red_hat — jboss_resteasy |
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | 2020-05-19 | 5 | CVE-2020-1695 CONFIRM |
| rockwell_automation — eds_subsystem | Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. | 2020-05-19 | 4.3 | CVE-2020-12038 MISC |
| rockwell_automation — eds_subsystem |
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. | 2020-05-20 | 4.8 | CVE-2020-12034 MISC |
| signal — private_messenger |
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim’s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined. | 2020-05-20 | 5 | CVE-2020-5753 MISC |
| sourcefabric — newscoop |
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | 2020-05-19 | 4.6 | CVE-2020-11807 MISC MISC |
| submitty — submitty | Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | 2020-05-16 | 5.8 | CVE-2020-13121 MISC |
| tibco_software — multiple_products |
The report generator component of TIBCO Software Inc.’s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. | 2020-05-20 | 6.8 | CVE-2020-9410 CONFIRM |
| transmission — transmission |
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. | 2020-05-15 | 6.8 | CVE-2018-10756 MISC MLIST FEDORA MISC |
| unisys — algol_compiler |
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | 2020-05-21 | 5.9 | CVE-2020-12647 CONFIRM |
| videolan — vlc_media_player |
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | 2020-05-15 | 6.8 | CVE-2019-19721 MISC MISC MISC MISC |
| vmware — cloud_director |
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. | 2020-05-20 | 6.5 | CVE-2020-3956 MISC |
| wireshark — wireshark |
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | 2020-05-19 | 5 | CVE-2020-13164 MISC MISC MISC |
| wordpress — wordpress |
An issue was discovered in the “Ultimate Addons for Elementor” plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. | 2020-05-17 | 6.4 | CVE-2020-13125 MISC MISC |
| wordpress — wordpress |
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. | 2020-05-17 | 6.5 | CVE-2020-13126 MISC MISC |
| wowza_media_systems — wowza_streaming_engine | A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. | 2020-05-18 | 4.3 | CVE-2019-19456 MISC |
| wowza_media_systems — wowza_streaming_engine | An arbitrary file download was found in the “Download Log” functionality of Wowza Streaming Engine <= 4.x.x | 2020-05-18 | 5 | CVE-2019-19454 MISC |
| zoho — manageengine_service_plus |
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | 2020-05-18 | 4 | CVE-2020-13154 MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| d-link — dsp-w215_devices |
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | 2020-05-18 | 3.3 | CVE-2020-13135 MISC |
| dolibarr — dolibarr | Dolibarr before 11.0.4 allows XSS. | 2020-05-18 | 3.5 | CVE-2020-13094 MISC MISC MISC |
| dolibarr — dolibarr |
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. | 2020-05-20 | 3.5 | CVE-2020-13239 MISC |
| dpdk — dpdk | A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. | 2020-05-19 | 2.1 | CVE-2020-10724 SUSE MISC CONFIRM UBUNTU MISC |
| dpdk — dpdk |
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. | 2020-05-20 | 2.1 | CVE-2020-10726 SUSE MISC CONFIRM MISC |
| edx — open_edx_ironwood |
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the “Content>File Uploads” screen. These files can contain JavaScript code and thus lead to Stored XSS. | 2020-05-18 | 3.5 | CVE-2020-13145 MISC |
| google — chrome | Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. | 2020-05-21 | 1.9 | CVE-2020-6480 MISC MISC |
| hpipam — phpipam |
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. | 2020-05-20 | 3.5 | CVE-2020-13225 MISC MISC |
| huawei — multiple_products |
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly.Affected product versions include:Product Name version Affected Version;Anne-AL00 versions Versions earlier than 9.1.0.331(C675E9R1P3T8);Berkeley-L09 versions Versions earlier than 10.0.1.1(C675R1);CD16-10 versions Versions earlier than 10.0.2.8;CD17-10 versions Versions earlier than 10.0.2.8;CD17-16 versions Versions earlier than 10.0.2.8;CD18-10 versions Versions earlier than 10.0.2.8;CD18-16 versions Versions earlier than 10.0.2.8;Columbia-TL00B versions Versions earlier than 9.0.0.187(C01E181R1P20T8);E6878-370 versions Versions earlier than 10.0.5.1(H610SP10C00);Honor 10 Lite versions Versions earlier than 10.0.0.182(C675E17R2P2);LelandP-L22A versions Versions earlier than 9.1.0.166(C675E5R1P4T8);TC5200-16 versions | 2020-05-21 | 3.3 | CVE-2020-9069 MISC |
| huawei — p20_smartphones |
Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user’s identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function. | 2020-05-15 | 2.1 | CVE-2020-9073 MISC |
| ibm — i | IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. | 2020-05-17 | 1.9 | CVE-2020-4345 XF CONFIRM |
| ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. | 2020-05-19 | 3.5 | CVE-2020-4298 XF CONFIRM |
| kata — kata_containers |
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS. | 2020-05-19 | 2.1 | CVE-2020-2024 CONFIRM CONFIRM |
| micro_focus — enterprise_server_and_enterprise_developer |
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | 2020-05-18 | 3.5 | CVE-2020-9524 MISC |
| microsoft — multiple_sharepoint_products |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106. | 2020-05-21 | 3.5 | CVE-2020-1100 MISC |
| microsoft — multiple_sharepoint_products |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106. | 2020-05-21 | 3.5 | CVE-2020-1101 MISC |
|
microsoft — sharepoint_enterprise_server_2016_and_sharepoint_server_2019 |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106. | 2020-05-21 | 3.5 | CVE-2020-1099 MISC |
| netgear — multiple_products |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). | 2020-05-18 | 3.3 | CVE-2020-11550 MISC MISC MISC |
| pulseaudio — pulseaudio |
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; | 2020-05-15 | 2.1 | CVE-2020-11931 MISC UBUNTU |
| rconfig — rconfig |
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php. | 2020-05-18 | 3.5 | CVE-2020-12259 MISC |
| rconfig — rconfig |
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php. | 2020-05-18 | 3.5 | CVE-2020-12256 MISC |
| submitty — submitty |
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | 2020-05-15 | 3.5 | CVE-2020-12882 MISC MISC |
| yaws — yaws |
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. | 2020-05-15 | 2.1 | CVE-2020-12872 MISC MISC MISC MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anchorfree — vpn_sdk | An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges. | 2020-05-21 | not yet calculated | CVE-2020-12828 MISC |
| apache — kylin |
Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. | 2020-05-22 | not yet calculated | CVE-2020-1956 MISC |
| aviatrix — controller | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | 2020-05-22 | not yet calculated | CVE-2020-13414 MISC |
| aviatrix — controller |
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | 2020-05-22 | not yet calculated | CVE-2020-13412 MISC |
| aviatrix — controller |
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. | 2020-05-22 | not yet calculated | CVE-2020-13416 MISC |
| aviatrix — controller |
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. | 2020-05-22 | not yet calculated | CVE-2020-13415 MISC |
| aviatrix — controller |
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. | 2020-05-22 | not yet calculated | CVE-2020-13413 MISC |
| aviatrix — vpn_client |
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | 2020-05-22 | not yet calculated | CVE-2020-13417 MISC |
|
cisco — amp_for_endpoints_linux_connector_software_and_amp_for_endpoints_mac_connector_software |
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | 2020-05-22 | not yet calculated | CVE-2020-3343 CISCO |
|
cisco — amp_for_endpoints_linux_connector_software_and_amp_for_endpoints_mac_connector_software |
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | 2020-05-22 | not yet calculated | CVE-2020-3344 CISCO |
|
cisco — amp_for_endpoints_mac_connector_software |
A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. | 2020-05-22 | not yet calculated | CVE-2020-3314 CISCO |
| cisco — prime_collaboration_provisioning_software |
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. | 2020-05-22 | not yet calculated | CVE-2020-3184 CISCO |
| cisco — prime_nentwork_registrar |
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. | 2020-05-22 | not yet calculated | CVE-2020-3272 CISCO |
| cisco — unified_contact_center_express |
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. | 2020-05-22 | not yet calculated | CVE-2020-3280 CISCO |
| epson — eb-1470ui_main_devices |
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. | 2020-05-22 | not yet calculated | CVE-2020-6091 MISC |
|
freerdp — freerdp |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 2020-05-22 | not yet calculated | CVE-2020-13397 MISC MISC MISC |
| freerdp — freerdp |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | 2020-05-22 | not yet calculated | CVE-2020-13398 MISC MISC MISC |
| freerdp — freerdp |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 2020-05-22 | not yet calculated | CVE-2020-13396 MISC MISC MISC |
| icrosoft — multiple_sharepoint_products | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105. | 2020-05-21 | not yet calculated | CVE-2020-1107 MISC |
| icrosoft — multiple_sharepoint_products |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107. | 2020-05-21 | not yet calculated | CVE-2020-1104 MISC |
| jenzabar — internet_campus_solution |
Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode it to a client-side cookie for persistent session authentication. By knowing the key and algorithm, an attacker can select any username, encrypt it, base64 encode it, and save it in their browser with the correct JICSLoginCookie cookie format to impersonate any real user in the JICS database without the need for authenticating (or verifying with MFA if implemented). | 2020-05-19 | not yet calculated | CVE-2020-8434 MISC |
| johnson_controls — software_house_c•cure_9000 |
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | 2020-05-21 | not yet calculated | CVE-2020-9045 CONFIRM CERT |
| joomla! — joomla! | The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. | 2020-05-23 | not yet calculated | CVE-2020-13424 MISC |
| kaoni — ezhttptrans |
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | 2020-05-22 | not yet calculated | CVE-2020-7813 MISC MISC |
| linux — linux_kernel |
A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol’s category bitmap into the SELinux extensible bitmap via the’ ebitmap_netlbl_import’ routine. While processing the CIPSO restricted bitmap tag in the ‘cipso_v4_parsetag_rbm’ routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | 2020-05-22 | not yet calculated | CVE-2020-10711 CONFIRM CONFIRM |
| meinheld — meinheld | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. | 2020-05-22 | not yet calculated | CVE-2020-7658 MISC MISC |
| microsoft — .net_framework |
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka ‘.NET Framework Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1066 MISC |
| microsoft — asp.net_core_and_visual_studio_2017_and_2019 |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1161 MISC |
| microsoft — chakracore_and_edge_(html-based) | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1065 MISC |
| microsoft — chakracore_and_edge_(html-based) | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1037 MISC |
| microsoft — dynamics_365_(on-premises) |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1063 MISC |
| microsoft — edge_(chromium-based) | An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka ‘Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1195 MISC |
| microsoft — edge_(html-based) | A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka ‘Microsoft Edge Spoofing Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1059 MISC |
| microsoft — edge_(html-based) |
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka ‘Microsoft Edge PDF Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1096 MISC |
| microsoft — edge_(html-based) |
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka ‘Microsoft Edge Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1056 MISC |
| microsoft — internet_explorer_9_and_11 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060. | 2020-05-21 | not yet calculated | CVE-2020-1093 MISC |
| microsoft — internet_explorer_9_and_11 |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1062. | 2020-05-21 | not yet calculated | CVE-2020-1092 MISC |
| microsoft — internet_explorer_9_and_11 |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093. | 2020-05-21 | not yet calculated | CVE-2020-1058 MISC |
| microsoft — internet_explorer_9_and_11 |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093. | 2020-05-21 | not yet calculated | CVE-2020-1035 MISC |
| microsoft — internet_explorer_9_and_11 |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093. | 2020-05-21 | not yet calculated | CVE-2020-1060 MISC |
| microsoft — internet_explorer_9_and_11 |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1092. | 2020-05-21 | not yet calculated | CVE-2020-1062 MISC |
| microsoft — internet_explorer_9_and_11 |
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka ‘MSHTML Engine Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1064 MISC |
| microsoft — multiple_products | A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka ‘.NET Core & .NET Framework Denial of Service Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1108 MISC |
| microsoft — multiple_sharepoint_products |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102. | 2020-05-21 | not yet calculated | CVE-2020-1023 MISC |
| microsoft — multiple_sharepoint_products |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102. | 2020-05-21 | not yet calculated | CVE-2020-1024 MISC |
| microsoft — multiple_sharepoint_products |
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1103 MISC |
| microsoft — multiple_sharepoint_products |
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1069 MISC |
| microsoft — multiple_windows_products | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. | 2020-05-21 | not yet calculated | CVE-2020-1136 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka ‘Windows Printer Service Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1081 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1114. | 2020-05-21 | not yet calculated | CVE-2020-1087 MISC |
| microsoft — multiple_windows_products | A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1067 MISC |
| microsoft — multiple_windows_products | A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka ‘Microsoft Script Runtime Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1061 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1078 MISC |
| microsoft — multiple_windows_products | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1076 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082. | 2020-05-21 | not yet calculated | CVE-2020-1088 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1111, CVE-2020-1165, CVE-2020-1166. | 2020-05-21 | not yet calculated | CVE-2020-1121 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1158 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1132 MISC |
| microsoft — multiple_windows_products | A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka ‘Microsoft Color Management Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1117 MISC |
| microsoft — multiple_windows_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145. | 2020-05-21 | not yet calculated | CVE-2020-1179 MISC |
| microsoft — multiple_windows_products | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179. | 2020-05-21 | not yet calculated | CVE-2020-1141 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1140 MISC |
| microsoft — multiple_windows_products | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1135 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1125 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1139 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka ‘Windows Storage Service Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1138 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka ‘Windows Push Notification Service Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1137 MISC |
| microsoft — multiple_windows_products |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179. | 2020-05-21 | not yet calculated | CVE-2020-0963 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | not yet calculated | CVE-2020-1134 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1149 MISC |
| microsoft — multiple_windows_products |
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka ‘Windows Task Scheduler Security Feature Bypass Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1113 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | not yet calculated | CVE-2020-1131 MISC |
| microsoft — multiple_windows_products |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. | 2020-05-21 | not yet calculated | CVE-2020-1126 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1154 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | not yet calculated | CVE-2020-1124 MISC |
| microsoft — multiple_windows_products |
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1084. | 2020-05-21 | not yet calculated | CVE-2020-1123 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1087. | 2020-05-21 | not yet calculated | CVE-2020-1114 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1054. | 2020-05-21 | not yet calculated | CVE-2020-1143 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1151 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1156 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka ‘Windows Update Stack Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1109. | 2020-05-21 | not yet calculated | CVE-2020-1110 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1155 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1157 MISC |
| microsoft — multiple_windows_products |
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1153 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1121, CVE-2020-1165, CVE-2020-1166. | 2020-05-21 | not yet calculated | CVE-2020-1111 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1086 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka ‘Windows GDI Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1142 MISC |
| microsoft — multiple_windows_products |
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka ‘Windows Subsystem for Linux Information Disclosure Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1075 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | not yet calculated | CVE-2020-1187 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | not yet calculated | CVE-2020-1188 MISC |
| microsoft — multiple_windows_products |
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka ‘Microsoft Windows Transport Layer Security Denial of Service Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1118 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1090 MISC |
| microsoft — multiple_windows_products |
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka ‘Connected User Experiences and Telemetry Service Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1123. | 2020-05-21 | not yet calculated | CVE-2020-1084 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088. | 2020-05-21 | not yet calculated | CVE-2020-1082 MISC |
| microsoft — multiple_windows_products |
An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka ‘Windows CSRSS Information Disclosure Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1116 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 2020-05-21 | not yet calculated | CVE-2020-1077 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158. | 2020-05-21 | not yet calculated | CVE-2020-1164 MISC |
| microsoft — multiple_windows_products |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1072 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka ‘Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1112 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka ‘Windows Remote Access Common Dialog Elevation of Privilege Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1071 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1048. | 2020-05-21 | not yet calculated | CVE-2020-1070 MISC |
| microsoft — multiple_windows_products |
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka ‘Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1055 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1143. | 2020-05-21 | not yet calculated | CVE-2020-1054 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1070. | 2020-05-21 | not yet calculated | CVE-2020-1048 MISC |
| microsoft — multiple_windows_products |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150. | 2020-05-21 | not yet calculated | CVE-2020-1028 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088. | 2020-05-21 | not yet calculated | CVE-2020-1021 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 2020-05-21 | not yet calculated | CVE-2020-1186 MISC |
| microsoft — multiple_windows_products |
A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka ‘Windows Hyper-V Denial of Service Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-0909 MISC |
| microsoft — multiple_windows_products |
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka ‘Windows Update Stack Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1110. | 2020-05-21 | not yet calculated | CVE-2020-1109 MISC |
| microsoft — power_bi_report_server |
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka ‘Microsoft Power BI Report Server Spoofing Vulnerability’. | 2020-05-21 | not yet calculated | CVE-2020-1173 MISC |
|
microsoft — sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013_service_pack |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107. | 2020-05-21 | not yet calculated | CVE-2020-1105 MISC |
|
microsoft — sharepoint_enterprise_server_2016_and_sharepoint_server_2019 |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024. | 2020-05-21 | not yet calculated | CVE-2020-1102 MISC |
| microsoft — visual_studio_code |
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1171. | 2020-05-21 | not yet calculated | CVE-2020-1192 MISC |
| microsoft — visual_studio_code |
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1192. | 2020-05-21 | not yet calculated | CVE-2020-1171 MISC |
| microsoft — windows_10_and_windows_server |
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1179. | 2020-05-21 | not yet calculated | CVE-2020-1145 MISC |
| microsoft — windows_10_and_windows_server |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1165. | 2020-05-21 | not yet calculated | CVE-2020-1166 MISC |
| microsoft — windows_10_and_windows_server |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1166. | 2020-05-21 | not yet calculated | CVE-2020-1165 MISC |
| microsoft — windows_7_and_windows_server_2008_r2 |
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136. | 2020-05-21 | not yet calculated | CVE-2020-1150 MISC |
| monstra — monstra_cms |
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. | 2020-05-22 | not yet calculated | CVE-2020-13384 MISC |
| mozilla — thunderbird |
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. | 2020-05-22 | not yet calculated | CVE-2020-12397 MISC MISC |
| netapp — element_os_and_element_healthtools |
Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | 2020-05-21 | not yet calculated | CVE-2020-8572 MISC |
| ocproducts — composr_cms |
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | 2020-05-22 | not yet calculated | CVE-2020-8789 MISC FULLDISC |
| puma_gem_for_ruby_on_rails — puma_gem_for_ruby_on_rails |
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request’s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. | 2020-05-22 | not yet calculated | CVE-2020-11077 MISC CONFIRM |
| puma_gem_for_ruby_on_rails — puma_gem_for_ruby_on_rails |
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | 2020-05-22 | not yet calculated | CVE-2020-11076 MISC MISC CONFIRM |
| python — python |
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | 2020-05-22 | not yet calculated | CVE-2020-13388 MISC |
| schedmd — slurm |
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | 2020-05-21 | not yet calculated | CVE-2020-12693 CONFIRM CONFIRM |
| splashtop — streamer_and_business |
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0). | 2020-05-21 | not yet calculated | CVE-2020-12431 MISC MISC |
| tenda — multiple_routers |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | not yet calculated | CVE-2020-13390 MISC |
| tenda — multiple_routers |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | not yet calculated | CVE-2020-13391 MISC |
| tenda — multiple_routers |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | not yet calculated | CVE-2020-13389 MISC |
| tenda — multiple_routers |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | not yet calculated | CVE-2020-13394 MISC |
| tenda — multiple_routers |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | not yet calculated | CVE-2020-13393 MISC |
| tenda — multiple_routers |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | not yet calculated | CVE-2020-13392 MISC |
| trackr — trackr_devices |
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. | 2020-05-23 | not yet calculated | CVE-2020-13425 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.