Vulnerability Summary for the Week of May 18, 2020

Original release date: May 25, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
amd — overdrive
 
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-05-18 7.5 CVE-2019-7247
MISC
centreon — centreon
 
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. 2020-05-21 9 CVE-2020-13252
MISC
MISC
MISC
MISC
cherokee_project — cherokee
 
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many “Host: 127.0.0.1” headers. 2020-05-18 7.5 CVE-2019-20800
MISC
MISC
covidsafe — covidsafe
 
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used. 2020-05-18 7.5 CVE-2020-12856
MISC
MISC
MISC
d-link — dap-1360_devices

An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. 2020-05-15 10 CVE-2019-18666
MISC
MISC
MISC
druva — insync_windows_client
 
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. 2020-05-21 7.2 CVE-2020-5752
MISC
MISC
eq-3 — homematic_ccu2_and_ccu3_devices
 
eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). 2020-05-15 7.5 CVE-2020-12834
MISC
facebook — proxygen
 
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. 2020-05-18 7.5 CVE-2020-1897
CONFIRM
freerdp — freerdp
 
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. 2020-05-15 7.5 CVE-2020-11521
MISC
CONFIRM
CONFIRM
ivanti — workspace_control
 
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. 2020-05-18 7.2 CVE-2019-17066
CONFIRM
logkitty — logkitty
 
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. 2020-05-15 7.5 CVE-2020-8149
MISC
mariadb — connector/c

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a client. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. 2020-05-20 7.5 CVE-2020-13249
MISC
MISC
microsoft — multiple_products
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. 2020-05-21 7.5 CVE-2020-0901
MISC
microsoft — multiple_windows_products

An elevation of privilege vulnerability exists when Windows fails to properly handle objects in memory, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1010, CVE-2020-1068. 2020-05-21 7.2 CVE-2020-1079
MISC
microsoft — multiple_windows_products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175. 2020-05-21 9.3 CVE-2020-1176
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176. 2020-05-21 9.3 CVE-2020-1174
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079. 2020-05-21 7.2 CVE-2020-1010
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1010, CVE-2020-1079. 2020-05-21 7.2 CVE-2020-1068
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176. 2020-05-21 9.3 CVE-2020-1175
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176. 2020-05-21 9.3 CVE-2020-1051
MISC
microweber — microweber
 
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. 2020-05-20 7.2 CVE-2020-13241
MISC
mikrotik — mikrotik-router-monitoring-system

An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. 2020-05-16 7.5 CVE-2020-13118
MISC
MISC
misp_project — misp_maltego

MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. 2020-05-15 7.5 CVE-2020-12889
MISC
mylittletools — mylittleadmin
 
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers’ installations) in web.config, and can be used to send serialized ASP code. 2020-05-19 7.5 CVE-2020-13166
MISC
MISC
netgear — multiple_products
 
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. 2020-05-18 8.3 CVE-2020-11549
MISC
MISC
MISC
netsweeper — netsweeper
 
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. 2020-05-19 7.5 CVE-2020-13167
MISC
nintendo — nintendo_64_devices
 
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. 2020-05-16 7.5 CVE-2020-13109
MISC
MISC
oblac — jodd
 
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. 2020-05-21 7.5 CVE-2018-21234
MISC
MISC
MISC
panasonic — multiple_devices

Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at “End-of-software-support.” 2020-05-20 7.5 CVE-2020-11716
CONFIRM
panasonic — p99_devices
 
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at “End-of-software-support.” 2020-05-19 7.5 CVE-2020-11715
CONFIRM
panasonic — video_insight
 
Video Insight VMS 7.5 and earlier allows remote attackers to conduct code injection attacks via unspecified vectors. 2020-05-20 7.5 CVE-2019-5997
MISC
MISC
raonwiz — k_upload
 
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without an integrity check on the update module (web.js) allows an attacker to modify arguments, which causes a random DLL to be downloaded and injected. 2020-05-21 7.5 CVE-2020-7808
CONFIRM
smartbear — readyapi_soapui_pro
 
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component. 2020-05-20 7.5 CVE-2020-12835
MISC
FULLDISC
MISC
MISC
stashcat — stashcat
 
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs. 2020-05-18 9 CVE-2020-13129
MISC
MISC
tibco_software — multiple_jproducts

The administrative UI component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server “superuser” for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. 2020-05-20 10 CVE-2020-9409
CONFIRM
vandyke — securecrt
 
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. 2020-05-15 10 CVE-2020-12651
MISC
MISC
CONFIRM
MISC
wso2 — api_manager
 
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node’s entire intranet. 2020-05-20 7.5 CVE-2020-13226
MISC
MISC
MISC
MISC


 

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
amd — ati_diagnostics_hardware_sys/overclocking_utility
 
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-05-18 4.6 CVE-2019-7246
MISC
apache — couchdb
 
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long-standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation contained an error that led to credentials not being enforced on any endpoint when the setting was enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue. 2020-05-20 6.8 CVE-2020-1955
MISC
apache — tomcat
 
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. 2020-05-20 6.8 CVE-2020-9484
SUSE
MLIST
MISC
MLIST
MLIST
apt — apt
 
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. 2020-05-15 4.3 CVE-2020-3810
MISC
MISC
MISC
MISC
MISC
bitdefender — bitdefender_engines

Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. 2020-05-15 5 CVE-2020-8100
MISC
bluetooth — bluetooth_core_specification

Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. 2020-05-19 4.8 CVE-2020-10135
MISC
CERT-VN
CONFIRM
bluetooth — core
 
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened. 2020-05-19 4.3 CVE-2020-10134
CERT-VN
CONFIRM
cacti — cacti
 
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). 2020-05-20 4 CVE-2020-13230
MISC
MISC
cacti — cacti
 
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. 2020-05-20 4.3 CVE-2020-13231
MISC
MISC
cellebrite — ufed
 
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. 2020-05-15 4.6 CVE-2020-12798
MISC
MISC
MISC
MISC
MISC
cherokee_project — cherokee
 
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server. 2020-05-18 5 CVE-2019-20799
MISC
MISC
MISC
MISC
MISC
cherokee_project — cherokee
 
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. 2020-05-18 6 CVE-2019-20798
MISC
MISC
covidsafe — covidsafe
 
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. 2020-05-18 5 CVE-2020-12858
MISC
MISC
covidsafe — covidsafe
 
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. 2020-05-18 5 CVE-2020-12857
MISC
MISC
MISC
covidsafe — covidsafe
 
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner’s name. 2020-05-18 5 CVE-2020-12860
MISC
MISC
covidsafe — covidsafe
 
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations. 2020-05-18 5 CVE-2020-12859
MISC
MISC
d-link — dsp-w215_devices

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. 2020-05-18 5 CVE-2020-13136
MISC
dell — isilon
 
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. 2020-05-20 5 CVE-2020-5365
MISC
dell — isilon_onefs

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. 2020-05-20 5 CVE-2020-5364
MISC
digi — xbee_2_devices
 
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. 2020-05-21 5.5 CVE-2017-18868
MISC
dolibarr — dolibarr
 
The DMS/ECM module in Dolibarr 11.0.4 allows users with the ‘Setup documents directories’ permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. 2020-05-20 5.5 CVE-2020-13240
MISC
dovecot — dovecot
 
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. 2020-05-18 5 CVE-2020-10957
MISC
FULLDISC
MLIST
MISC
FEDORA
UBUNTU
DEBIAN
CONFIRM
dovecot — dovecot
 
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. 2020-05-18 5 CVE-2020-10958
MISC
FULLDISC
MLIST
MISC
FEDORA
UBUNTU
DEBIAN
CONFIRM
dovecot — dovecot
 
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. 2020-05-18 5 CVE-2020-10967
MISC
FULLDISC
MLIST
MISC
FEDORA
UBUNTU
DEBIAN
CONFIRM
dpdk — dpdk
 
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. 2020-05-19 4.6 CVE-2020-10723
SUSE
MISC
CONFIRM
UBUNTU
MISC
dpdk — dpdk
 
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. 2020-05-19 4.6 CVE-2020-10722
SUSE
MISC
CONFIRM
UBUNTU
MISC
dpdk — dpdk
 
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. 2020-05-20 4 CVE-2020-10725
SUSE
MISC
CONFIRM
MISC
e6y — prboom-plus
 
An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c. 2020-05-18 5 CVE-2019-20797
MISC
MISC
MISC
edx — open_edx_ironwood
 
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the “Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code” screen, edit the problem, and execute Python code. This leads to arbitrary code execution. 2020-05-18 6.5 CVE-2020-13144
MISC
MISC
MISC
edx — open_edx_ironwood
 
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the “Course>Data Downloads>Reports>Download profile info” feature. 2020-05-18 6.8 CVE-2020-13146
MISC
em-imap — em-imap
 
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. 2020-05-19 5.8 CVE-2020-13163
MISC
estsoft — alsong
 
ALSong 3.46 and earlier versions contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim into opening an ALSong Album (sab) file. 2020-05-15 4.3 CVE-2020-7809
MISC
MISC
freerdp — freerdp

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. 2020-05-15 6.4 CVE-2020-11525
MISC
CONFIRM
CONFIRM
CONFIRM
gilacms — gila_cms

Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. 2020-05-21 4.3 CVE-2019-20803
MISC
gilacms — gila_cms

Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. 2020-05-21 6.8 CVE-2019-20804
MISC
gitea — gitea
 
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository’s ownership from one organization to another. 2020-05-20 5 CVE-2020-13246
MISC
MISC
MISC
google — chrome

Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. 2020-05-21 4.3 CVE-2020-6476
MISC
MISC
google — chrome

Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6478
MISC
MISC
google — chrome

Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6483
MISC
MISC
google — chrome

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6479
MISC
MISC
google — chrome

Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6487
MISC
MISC
google — chrome

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2020-05-21 6.8 CVE-2020-6471
MISC
MISC
google — chrome

Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. 2020-05-21 6.8 CVE-2020-6477
MISC
MISC
google — chrome

Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6489
MISC
MISC
google — chrome

Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6488
MISC
MISC
google — chrome
 
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. 2020-05-21 4.3 CVE-2020-6482
MISC
MISC
google — chrome
 
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. 2020-05-21 4.3 CVE-2020-6484
MISC
MISC
google — chrome
 
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6485
MISC
MISC
google — chrome
 
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6486
MISC
MISC
google — chrome
 
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6490
MISC
MISC
google — chrome
 
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6457
MISC
MISC
google — chrome
 
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. 2020-05-21 4.3 CVE-2020-6491
MISC
MISC
google — chrome
 
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6459
MISC
MISC
google — chrome
 
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6474
MISC
MISC
google — chrome
 
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2020-05-21 6.8 CVE-2020-6469
MISC
MISC
google — chrome
 
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6467
MISC
MISC
google — chrome
 
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6466
MISC
MISC
google — chrome
 
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6465
MISC
MISC
google — chrome
 
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6473
MISC
MISC
google — chrome
 
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. 2020-05-21 4.3 CVE-2020-6460
MISC
MISC
google — chrome
 
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. 2020-05-21 4.3 CVE-2020-6472
MISC
MISC
google — chrome
 
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. 2020-05-21 4.3 CVE-2020-6470
MISC
MISC
google — chrome
 
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6464
SUSE
MISC
MISC
google — chrome
 
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6475
MISC
MISC
google — chrome
 
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name. 2020-05-21 4.3 CVE-2020-6481
MISC
MISC
google — chrome
 
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6468
MISC
MISC
google — chrome
 
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-05-21 6.8 CVE-2020-6458
MISC
MISC
google — chrome
 
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6461
MISC
MISC
google — chrome
 
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6462
MISC
MISC
google — chrome
 
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6463
MISC
MISC
gwtupload — gwtupload
 
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server’s threads to sleep, leading to denial of service. 2020-05-18 5 CVE-2020-13128
MISC
MISC
hive_solutions — netius
 
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer-Encoding header parsing, which could allow for CL:TE or TE:TE attacks. 2020-05-21 4.3 CVE-2020-7655
MISC
horde — gollem
 
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL. 2020-05-18 4.3 CVE-2020-8034
CONFIRM
MISC
MISC
CONFIRM
horde — groupware_webmail_edition

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL. 2020-05-18 4.3 CVE-2020-8035
CONFIRM
CONFIRM
hp — nimble_storage
 
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0, 4.5.6.0, 5.0.9.0, 5.1.4.100. 2020-05-19 6.5 CVE-2020-7138
MISC
hp — nimbleos
 
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0, 4.5.6.0, 5.0.9.0, 5.1.4.100. 2020-05-19 5.5 CVE-2020-7139
MISC
hp — superdome_flex_server
 
A validation issue in HPE Superdome Flex’s RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. 2020-05-19 4.6 CVE-2020-7137
MISC
httplib2 — httplib2
 
In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the URI passed to `httplib2.Http.request()` could change request headers and body and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. 2020-05-20 4.3 CVE-2020-11078
MISC
CONFIRM
MLIST
huawei — e6878-370_devices
 
E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenarios. If the attacker performs a series of crafted operations through the web portal, a successful exploit could cause a use after free condition, which may lead to malicious code execution. 2020-05-21 5.4 CVE-2020-1799
MISC
huawei — multiple_smartphones
 
Huawei smartphones Honor View 20; Honor 20; Honor 20 PRO; Honor Magic2 with versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.188(C00E62R2P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. If the attacker tricks the user into installing a crafted application, a successful exploit may cause information disclosure or a service abnormality. 2020-05-15 5.8 CVE-2020-1808
MISC
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. 2020-05-19 4.3 CVE-2020-4286
XF
CONFIRM
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. 2020-05-20 4 CVE-2020-4461
XF
CONFIRM
ibm — spectrum_scale

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. 2020-05-19 4.9 CVE-2020-4411
XF
CONFIRM
ibm — spectrum_scale
 
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987. 2020-05-19 5 CVE-2020-4412
XF
CONFIRM
ifax_solutions — avantfax_and_hylafax_enterprise_web_interface

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. 2020-05-19 6.5 CVE-2020-11766
CONFIRM
intel — cloud_hypervisor
 
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. 2020-05-19 4.6 CVE-2020-2025
CONFIRM
intelliants — subrion_cms
 
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user’s browser without proper output encoding. 2020-05-15 4.3 CVE-2019-20389
MISC
intelliants — subrion_cms
 
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim’s knowledge, by enticing an authenticated user to visit an attacker’s web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. 2020-05-15 5.8 CVE-2019-20390
MISC
interchange — interchange
 
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. 2020-05-15 4.3 CVE-2020-12685
MISC
CONFIRM
internet_systems_consortium — bind
 
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. 2020-05-19 5 CVE-2020-8617
MLIST
CONFIRM
CONFIRM
DEBIAN
internet_systems_consortium — bind
 
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. 2020-05-19 5 CVE-2020-8616
MISC
MLIST
CONFIRM
CONFIRM
DEBIAN
jquery — jquery
 
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove “<script>” HTML tags that contain a whitespace character, i.e., “</script >”, which results in the enclosed script logic being executed. 2020-05-19 4.3 CVE-2020-7656
MISC
kde — amarok
 
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service. 2020-05-20 4.3 CVE-2020-13152
MISC
knot-resolver — knot-resolver
 
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an “NXNSAttack” issue. This is triggered by random subdomains in the NSDNAME in NS records. 2020-05-19 5 CVE-2020-12667
MISC
MLIST
MISC
CONFIRM
libexif — libexif
 
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. 2020-05-21 6.4 CVE-2020-13112
MISC
libexif — libexif
 
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. 2020-05-21 5 CVE-2020-13113
MISC
libexif — libexif
 
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. 2020-05-21 4.3 CVE-2020-13114
MISC
libreoffice — libreoffice
 
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice’s default ODF file format, then affected versions of LibreOffice default to saving the document unencrypted on subsequent saves. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. 2020-05-18 5 CVE-2020-12801
MISC
linux — linux_kernel
 
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal ‘\0’ value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. 2020-05-18 4.3 CVE-2020-13143
MISC
MISC
linux — linux_kernel
 
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. 2020-05-15 4.9 CVE-2020-12888
MLIST
FEDORA
MISC
MISC
micro_focus — service_manager
 
Cross-site scripting vulnerability in the Micro Focus Service Manager product, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. 2020-05-19 4.3 CVE-2020-11845
MISC
microsoft — multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. 2020-05-21 4.3 CVE-2020-1106
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1184
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1189
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1144
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1190
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190. 2020-05-21 4.6 CVE-2020-1191
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1185
MISC
microstar_international — multiple_msi_gaming_laptops

Weak permissions on the “%PROGRAMDATA%\MSI\Dragon Center” folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. 2020-05-18 4.6 CVE-2020-13149
MISC
misp_project — misp
 
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. 2020-05-18 4.3 CVE-2020-13153
MISC
MISC
moodle — moodle
 
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. 2020-05-21 6.5 CVE-2020-10738
CONFIRM
CONFIRM
CONFIRM
naver — whale_browser_installer

Whale Browser Installer versions before 1.2.0.5 do not support signature verification for the Flash installer. 2020-05-20 6.4 CVE-2020-9753
CONFIRM
naviserver — naviserver
 
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. 2020-05-16 5 CVE-2020-13111
MISC
MISC
netgear — multiple_products
 
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. 2020-05-18 5.8 CVE-2020-11551
MISC
MISC
MISC
nitro_software — nitro_pro

An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file. 2020-05-18 6.8 CVE-2020-6092
MISC
nitro_software — nitro_pro
 
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file. 2020-05-18 4.3 CVE-2020-6093
MISC
nitro_software — nitro_pro
 
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-05-18 6.8 CVE-2020-6074
MISC
nlnet_labs — unbound
 
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. 2020-05-19 5 CVE-2020-12663
MLIST
FEDORA
CONFIRM
nlnet_labs — unbound
 
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an “NXNSAttack” issue. This is triggered by random subdomains in the NSDNAME in NS records. 2020-05-19 5 CVE-2020-12662
MISC
MLIST
FEDORA
CONFIRM
node.js — node.js
 
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. 2020-05-16 6.9 CVE-2020-13110
MISC
MISC
MISC
MISC
open_build_service — open_build_service
 
An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5. 2020-05-19 4.3 CVE-2020-8021
CONFIRM
paid_memberships_pro — paid_memberships_pro

SQL injection vulnerability in Paid Memberships versions prior to 2.3.3 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. 2020-05-20 6.5 CVE-2020-5579
MISC
MISC
pcs — dexicon
 
PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. 2020-05-19 4.3 CVE-2020-6956
MISC
php — php
 
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead the PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by the upload request. This could potentially lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. 2020-05-20 5 CVE-2019-11048
MISC
MISC
FEDORA
FEDORA
powerdns — recursor
 
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system’s hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have ‘\0’ termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has ‘\0’ termination.) Under some conditions, this issue can lead to the writing of one ‘\0’ byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. 2020-05-19 6.5 CVE-2020-10030
SUSE
CONFIRM
powerdns — recursor
 
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of an NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. 2020-05-19 5 CVE-2020-12244
SUSE
MLIST
CONFIRM
DEBIAN
powerdns — recursor
 
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. 2020-05-19 5 CVE-2020-10995
SUSE
MISC
CONFIRM
python — python

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. 2020-05-21 4.3 CVE-2020-13258
MISC
rconfig — rconfig
 
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. 2020-05-18 6.4 CVE-2020-12258
MISC
rconfig — rconfig
 
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). 2020-05-18 6.8 CVE-2020-12257
MISC
rconfig — rconfig
 
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. 2020-05-18 6.5 CVE-2020-12255
MISC
readdle — documents_app_for_ios
 
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application’s file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user’s data) via cross-origin requests. 2020-05-18 5 CVE-2019-20801
MISC
MISC
readdle — documents_app_for_ios
 
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application’s file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user’s data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim’s device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker. 2020-05-18 4.3 CVE-2019-20802
MISC
MISC
red_hat — ansible_engine_and_ansible_tower
 
An incomplete fix was found for the flaw CVE-2020-1733 (ansible: insecure temporary directory when running become_user from become directive). The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. 2020-05-15 4.4 CVE-2020-10744
CONFIRM
red_hat — jboss_keycloak
 
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. 2020-05-15 4.3 CVE-2020-1758
CONFIRM
MISC
red_hat — jboss_resteasy
 
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. 2020-05-19 5 CVE-2020-1695
CONFIRM
rockwell_automation — eds_subsystem

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. 2020-05-19 4.3 CVE-2020-12038
MISC
rockwell_automation — eds_subsystem
 
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. 2020-05-20 4.8 CVE-2020-12034
MISC
signal — private_messenger
 
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim’s Signal phone and disclose the currently used DNS server due to ICE Candidate handling before the call is answered or declined. 2020-05-20 5 CVE-2020-5753
MISC
sourcefabric — newscoop
 
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. 2020-05-19 4.6 CVE-2020-11807
MISC
MISC
submitty — submitty

Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. 2020-05-16 5.8 CVE-2020-13121
MISC
tibco_software — multiple_products
 
The report generator component of TIBCO Software Inc.’s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. 2020-05-20 6.8 CVE-2020-9410
CONFIRM
transmission — transmission
 
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. 2020-05-15 6.8 CVE-2018-10756
MISC
MLIST
FEDORA
MISC
unisys — algol_compiler
 
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. 2020-05-21 5.9 CVE-2020-12647
CONFIRM
videolan — vlc_media_player
 
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. 2020-05-15 6.8 CVE-2019-19721
MISC
MISC
MISC
MISC
vmware — cloud_director
 
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. 2020-05-20 6.5 CVE-2020-3956
MISC
wireshark — wireshark
 
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. 2020-05-19 5 CVE-2020-13164
MISC
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the “Ultimate Addons for Elementor” plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. 2020-05-17 6.4 CVE-2020-13125
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. 2020-05-17 6.5 CVE-2020-13126
MISC
MISC
wowza_media_systems — wowza_streaming_engine A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. 2020-05-18 4.3 CVE-2019-19456
MISC
wowza_media_systems — wowza_streaming_engine An arbitrary file download was found in the “Download Log” functionality of Wowza Streaming Engine <= 4.x.x. 2020-05-18 5 CVE-2019-19454
MISC
zoho — manageengine_service_plus
 
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. 2020-05-18 4 CVE-2020-13154
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
d-link — dsp-w215_devices
 
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. 2020-05-18 3.3 CVE-2020-13135
MISC
dolibarr — dolibarr Dolibarr before 11.0.4 allows XSS. 2020-05-18 3.5 CVE-2020-13094
MISC
MISC
MISC
dolibarr — dolibarr
 
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. 2020-05-20 3.5 CVE-2020-13239
MISC
dpdk — dpdk A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. 2020-05-19 2.1 CVE-2020-10724
SUSE
MISC
CONFIRM
UBUNTU
MISC
dpdk — dpdk
 
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. 2020-05-20 2.1 CVE-2020-10726
SUSE
MISC
CONFIRM
MISC
edx — open_edx_ironwood
 
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the “Content>File Uploads” screen. These files can contain JavaScript code and thus lead to Stored XSS. 2020-05-18 3.5 CVE-2020-13145
MISC
google — chrome Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. 2020-05-21 1.9 CVE-2020-6480
MISC
MISC
phpipam — phpipam
 
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. 2020-05-20 3.5 CVE-2020-13225
MISC
MISC
huawei — multiple_products
 
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 versions earlier than 10.0.1.1(C675R1); CD16-10 versions earlier than 10.0.2.8; CD17-10 versions earlier than 10.0.2.8; CD17-16 versions earlier than 10.0.2.8; CD18-10 versions earlier than 10.0.2.8; CD18-16 versions earlier than 10.0.2.8; Columbia-TL00B versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 versions earlier than 10.0.5.1(H610SP10C00); Honor 10 Lite versions earlier than 10.0.0.182(C675E17R2P2); LelandP-L22A versions earlier than 9.1.0.166(C675E5R1P4T8); TC5200-16 versions 2020-05-21 3.3 CVE-2020-9069
MISC
huawei — p20_smartphones
 
Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability arises because, when a user wants to perform a certain operation, the software insufficiently validates the user’s identity. Attackers need to physically access the smartphone to exploit this vulnerability. A successful exploit could allow the attacker to bypass the limit of the student mode function. 2020-05-15 2.1 CVE-2020-9073
MISC
ibm — i IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. 2020-05-17 1.9 CVE-2020-4345
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. 2020-05-19 3.5 CVE-2020-4298
XF
CONFIRM
kata — kata_containers
 
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentially resulting in a host DoS. 2020-05-19 2.1 CVE-2020-2024
CONFIRM
CONFIRM
micro_focus — enterprise_server_and_enterprise_developer
 
A cross-site scripting vulnerability exists in Micro Focus Enterprise Server and Enterprise Developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). 2020-05-18 3.5 CVE-2020-9524
MISC
microsoft — multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106. 2020-05-21 3.5 CVE-2020-1100
MISC
microsoft — multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106. 2020-05-21 3.5 CVE-2020-1101
MISC

microsoft — sharepoint_enterprise_server_2016_and_sharepoint_server_2019

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106. 2020-05-21 3.5 CVE-2020-1099
MISC
netgear — multiple_products
 
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). 2020-05-18 3.3 CVE-2020-11550
MISC
MISC
MISC
pulseaudio — pulseaudio
 
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plug any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2. 2020-05-15 2.1 CVE-2020-11931
MISC
UBUNTU
rconfig — rconfig
 
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php. 2020-05-18 3.5 CVE-2020-12259
MISC
rconfig — rconfig
 
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php. 2020-05-18 3.5 CVE-2020-12256
MISC
submitty — submitty
 
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. 2020-05-15 3.5 CVE-2020-12882
MISC
MISC
yaws — yaws
 
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. 2020-05-15 2.1 CVE-2020-12872
MISC
MISC
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
anchorfree — vpn_sdk An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges. 2020-05-21 not yet calculated CVE-2020-12828
MISC
apache — kylin
 
Kylin has some RESTful APIs that concatenate OS commands with the user input string, so a user is likely to be able to execute any OS command without any protection or validation. 2020-05-22 not yet calculated CVE-2020-1956
MISC
aviatrix — controller An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. 2020-05-22 not yet calculated CVE-2020-13414
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. 2020-05-22 not yet calculated CVE-2020-13412
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. 2020-05-22 not yet calculated CVE-2020-13416
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. 2020-05-22 not yet calculated CVE-2020-13415
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. 2020-05-22 not yet calculated CVE-2020-13413
MISC
aviatrix — vpn_client
 
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. 2020-05-22 not yet calculated CVE-2020-13417
MISC

cisco — amp_for_endpoints_linux_connector_software_and_amp_for_endpoints_mac_connector_software

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. 2020-05-22 not yet calculated CVE-2020-3343
CISCO

cisco — amp_for_endpoints_linux_connector_software_and_amp_for_endpoints_mac_connector_software

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. 2020-05-22 not yet calculated CVE-2020-3344
CISCO

cisco — amp_for_endpoints_mac_connector_software

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. 2020-05-22 not yet calculated CVE-2020-3314
CISCO
cisco — prime_collaboration_provisioning_software
 
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. 2020-05-22 not yet calculated CVE-2020-3184
CISCO
cisco — prime_network_registrar
 
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. 2020-05-22 not yet calculated CVE-2020-3272
CISCO
cisco — unified_contact_center_express
 
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. 2020-05-22 not yet calculated CVE-2020-3280
CISCO
epson — eb-1470ui_main_devices
 
An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. 2020-05-22 not yet calculated CVE-2020-6091
MISC

freerdp — freerdp

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. 2020-05-22 not yet calculated CVE-2020-13397
MISC
MISC
MISC
freerdp — freerdp
 
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. 2020-05-22 not yet calculated CVE-2020-13398
MISC
MISC
MISC
freerdp — freerdp
 
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. 2020-05-22 not yet calculated CVE-2020-13396
MISC
MISC
MISC
microsoft — multiple_sharepoint_products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105. 2020-05-21 not yet calculated CVE-2020-1107
MISC
microsoft — multiple_sharepoint_products
 
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107. 2020-05-21 not yet calculated CVE-2020-1104
MISC
jenzabar — internet_campus_solution
 
Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode it to a client-side cookie for persistent session authentication. By knowing the key and algorithm, an attacker can select any username, encrypt it, base64 encode it, and save it in their browser with the correct JICSLoginCookie cookie format to impersonate any real user in the JICS database without the need for authenticating (or verifying with MFA if implemented). 2020-05-19 not yet calculated CVE-2020-8434
MISC
johnson_controls — software_house_c•cure_9000
 
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. 2020-05-21 not yet calculated CVE-2020-9045
CONFIRM
CERT
joomla! — joomla! The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. 2020-05-23 not yet calculated CVE-2020-13424
MISC
kaoni — ezhttptrans
 
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contains a vulnerability that could allow a remote attacker to download and execute an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. 2020-05-22 not yet calculated CVE-2020-7813
MISC
MISC
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol’s category bitmap into the SELinux extensible bitmap via the ‘ebitmap_netlbl_import’ routine. While processing the CIPSO restricted bitmap tag in the ‘cipso_v4_parsetag_rbm’ routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. 2020-05-22 not yet calculated CVE-2020-10711
CONFIRM
CONFIRM
meinheld — meinheld meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. 2020-05-22 not yet calculated CVE-2020-7658
MISC
MISC
microsoft — .net_framework
 
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects, aka ‘.NET Framework Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1066
MISC
microsoft — asp.net_core_and_visual_studio_2017_and_2019
 
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1161
MISC
microsoft — chakracore_and_edge_(html-based) A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1065
MISC
microsoft — chakracore_and_edge_(html-based) A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1037
MISC
microsoft — dynamics_365_(on-premises)
 
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1063
MISC
microsoft — edge_(chromium-based) An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka ‘Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1195
MISC
microsoft — edge_(html-based) A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka ‘Microsoft Edge Spoofing Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1059
MISC
microsoft — edge_(html-based)
 
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka ‘Microsoft Edge PDF Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1096
MISC
microsoft — edge_(html-based)
 
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka ‘Microsoft Edge Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1056
MISC
microsoft — internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060. 2020-05-21 not yet calculated CVE-2020-1093
MISC
microsoft — internet_explorer_9_and_11
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1062. 2020-05-21 not yet calculated CVE-2020-1092
MISC
microsoft — internet_explorer_9_and_11
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093. 2020-05-21 not yet calculated CVE-2020-1058
MISC
microsoft — internet_explorer_9_and_11
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093. 2020-05-21 not yet calculated CVE-2020-1035
MISC
microsoft — internet_explorer_9_and_11
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093. 2020-05-21 not yet calculated CVE-2020-1060
MISC
microsoft — internet_explorer_9_and_11
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1092. 2020-05-21 not yet calculated CVE-2020-1062
MISC
microsoft — internet_explorer_9_and_11
 
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user, aka ‘MSHTML Engine Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1064
MISC
microsoft — multiple_products A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka ‘.NET Core & .NET Framework Denial of Service Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1108
MISC
microsoft — multiple_sharepoint_products
 
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102. 2020-05-21 not yet calculated CVE-2020-1023
MISC
microsoft — multiple_sharepoint_products
 
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102. 2020-05-21 not yet calculated CVE-2020-1024
MISC
microsoft — multiple_sharepoint_products
 
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1103
MISC
microsoft — multiple_sharepoint_products
 
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1069
MISC
microsoft — multiple_windows_products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. 2020-05-21 not yet calculated CVE-2020-1136
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka ‘Windows Printer Service Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1081
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1114. 2020-05-21 not yet calculated CVE-2020-1087
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1067
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka ‘Microsoft Script Runtime Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1061
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1078
MISC
microsoft — multiple_windows_products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1076
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082. 2020-05-21 not yet calculated CVE-2020-1088
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1111, CVE-2020-1165, CVE-2020-1166. 2020-05-21 not yet calculated CVE-2020-1121
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1158
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1132
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka ‘Microsoft Color Management Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1117
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145. 2020-05-21 not yet calculated CVE-2020-1179
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179. 2020-05-21 not yet calculated CVE-2020-1141
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1140
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1135
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1125
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1139
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka ‘Windows Storage Service Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1138
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka ‘Windows Push Notification Service Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1137
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179. 2020-05-21 not yet calculated CVE-2020-0963
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1134
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1149
MISC
microsoft — multiple_windows_products
 
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka ‘Windows Task Scheduler Security Feature Bypass Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1113
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1131
MISC
microsoft — multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. 2020-05-21 not yet calculated CVE-2020-1126
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1154
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1124
MISC
microsoft — multiple_windows_products
 
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1084. 2020-05-21 not yet calculated CVE-2020-1123
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1087. 2020-05-21 not yet calculated CVE-2020-1114
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1054. 2020-05-21 not yet calculated CVE-2020-1143
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1151
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1156
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka ‘Windows Update Stack Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1109. 2020-05-21 not yet calculated CVE-2020-1110
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1155
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1157
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1153
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1121, CVE-2020-1165, CVE-2020-1166. 2020-05-21 not yet calculated CVE-2020-1111
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1086
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka ‘Windows GDI Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1142
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka ‘Windows Subsystem for Linux Information Disclosure Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1075
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1187
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1188
MISC
microsoft — multiple_windows_products
 
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka ‘Microsoft Windows Transport Layer Security Denial of Service Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1118
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1090
MISC
microsoft — multiple_windows_products
 
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values, aka ‘Connected User Experiences and Telemetry Service Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1123. 2020-05-21 not yet calculated CVE-2020-1084
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088. 2020-05-21 not yet calculated CVE-2020-1082
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka ‘Windows CSRSS Information Disclosure Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1116
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1077
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158. 2020-05-21 not yet calculated CVE-2020-1164
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1072
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka ‘Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1112
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka ‘Windows Remote Access Common Dialog Elevation of Privilege Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1071
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1048. 2020-05-21 not yet calculated CVE-2020-1070
MISC
microsoft — multiple_windows_products
 
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka ‘Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1055
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1143. 2020-05-21 not yet calculated CVE-2020-1054
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1070. 2020-05-21 not yet calculated CVE-2020-1048
MISC
microsoft — multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150. 2020-05-21 not yet calculated CVE-2020-1028
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088. 2020-05-21 not yet calculated CVE-2020-1021
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1186
MISC
microsoft — multiple_windows_products
 
A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets. To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets, aka ‘Windows Hyper-V Denial of Service Vulnerability’. 2020-05-21 not yet calculated CVE-2020-0909
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka ‘Windows Update Stack Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1110. 2020-05-21 not yet calculated CVE-2020-1109
MISC
microsoft — power_bi_report_server
 
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka ‘Microsoft Power BI Report Server Spoofing Vulnerability’. 2020-05-21 not yet calculated CVE-2020-1173
MISC

microsoft — sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013_service_pack

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107. 2020-05-21 not yet calculated CVE-2020-1105
MISC

microsoft — sharepoint_enterprise_server_2016_and_sharepoint_server_2019

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024. 2020-05-21 not yet calculated CVE-2020-1102
MISC
microsoft — visual_studio_code
 
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1171. 2020-05-21 not yet calculated CVE-2020-1192
MISC
microsoft — visual_studio_code
 
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1192. 2020-05-21 not yet calculated CVE-2020-1171
MISC
microsoft — windows_10_and_windows_server
 
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1179. 2020-05-21 not yet calculated CVE-2020-1145
MISC
microsoft — windows_10_and_windows_server
 
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1165. 2020-05-21 not yet calculated CVE-2020-1166
MISC
microsoft — windows_10_and_windows_server
 
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka ‘Windows Clipboard Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1166. 2020-05-21 not yet calculated CVE-2020-1165
MISC
microsoft — windows_7_and_windows_server_2008_r2
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136. 2020-05-21 not yet calculated CVE-2020-1150
MISC
monstra — monstra_cms
 
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. 2020-05-22 not yet calculated CVE-2020-13384
MISC
mozilla — thunderbird
 
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. 2020-05-22 not yet calculated CVE-2020-12397
MISC
MISC
netapp — element_os_and_element_healthtools
 
Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. 2020-05-21 not yet calculated CVE-2020-8572
MISC
ocproducts — composr_cms
 
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. 2020-05-22 not yet calculated CVE-2020-8789
MISC
FULLDISC
puma_gem_for_ruby_on_rails — puma_gem_for_ruby_on_rails
 
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request’s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. 2020-05-22 not yet calculated CVE-2020-11077
MISC
CONFIRM
puma_gem_for_ruby_on_rails — puma_gem_for_ruby_on_rails
 
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. 2020-05-22 not yet calculated CVE-2020-11076
MISC
MISC
CONFIRM
python — python
 
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. 2020-05-22 not yet calculated CVE-2020-13388
MISC
schedmd — slurm
 
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. 2020-05-21 not yet calculated CVE-2020-12693
CONFIRM
CONFIRM
splashtop — streamer_and_business
 
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0). 2020-05-21 not yet calculated CVE-2020-12431
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13390
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13391
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13389
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13394
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13393
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13392
MISC
trackr — trackr_devices
 
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. 2020-05-23 not yet calculated CVE-2020-13425
MISC
