Vulnerability Summary for the Week of May 25, 2020

Original release date: June 1, 2020

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adminpanel — adminplanel
 
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. 2020-05-24 7.5 CVE-2020-13433
MISC
MISC
apache — kylin
 
Kylin has some RESTful APIs that concatenate an OS command with the user input string, so a user is likely to be able to execute any OS command without any protection or validation. 2020-05-22 9 CVE-2020-1956
MISC
aviatrix — vpn_client
 
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. 2020-05-22 7.5 CVE-2020-13417
MISC
bosch — recording_station
 
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. 2020-05-27 7.2 CVE-2020-6774
MISC
cisco — prime_network_registrar
 
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. 2020-05-22 7.8 CVE-2020-3272
CISCO
cisco — unified_contact_center_express
 
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. 2020-05-22 10 CVE-2020-3280
CISCO
cybozu — cybozu_desktop_for_windows
 
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. 2020-05-25 7.5 CVE-2020-5537
JVN
MISC
MISC
dext5 — dext5_upload

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/. 2020-05-25 7.5 CVE-2020-13442
MISC
dns-sync — dns-sync
 
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1. 2020-05-28 7.5 CVE-2020-11079
MISC
CONFIRM

kaoni — ezhttptrans

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contains a vulnerability that could allow a remote attacker to download and execute an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. 2020-05-22 7.5 CVE-2020-7813
MISC
MISC
kaoni — ezhttptrans
 
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contains a vulnerability that could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution by rebooting the victim’s PC. 2020-05-28 7.5 CVE-2020-7812
MISC
MISC
lenovo — lj4010dn_devices
 
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. 2020-05-28 7.8 CVE-2020-8330
CONFIRM
lenovo — lj4010dn_devices
 
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing the printer from functioning until the printer is rebooted. 2020-05-28 7.8 CVE-2020-8329
CONFIRM
mozilla — firefox

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. 2020-05-26 7.5 CVE-2020-12390
MISC
MISC
mozilla — firefox
 
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. 2020-05-26 7.5 CVE-2020-12396
MISC
MISC
mozilla — firefox_and_firefox_esr
 
The Firefox content processes did not sufficiently lock down access control, which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. 2020-05-26 7.5 CVE-2020-12389
MISC
MISC
MISC
mozilla — firefox_and_firefox_esr
 
The Firefox content processes did not sufficiently lock down access control, which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. 2020-05-26 7.5 CVE-2020-12388
MISC
MISC
MISC
MISC
mozilla — firefox_and_firefox_esr_and_thunderbird
 
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. 2020-05-26 10 CVE-2020-12395
MISC
MISC
MISC
MISC
mozilla — firefox_and_firefox_esr_and_thunderbird
 
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. 2020-05-26 7.5 CVE-2020-6831
MISC
MISC
MISC
MISC
python — python
 
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. 2020-05-22 7.5 CVE-2020-13388
MISC
MISC
CONFIRM
sqlite — sqlite
 
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. 2020-05-27 7.5 CVE-2020-13630
MISC
MISC
sympa — sympa
 
Sympa before 6.2.56 allows privilege escalation. 2020-05-27 7.2 CVE-2020-10936
MISC
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 7.5 CVE-2020-13392
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 7.5 CVE-2020-13394
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 7.5 CVE-2020-13393
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 7.5 CVE-2020-13391
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 7.5 CVE-2020-13390
MISC
MISC
tenda — multiple_routers
 
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 7.5 CVE-2020-13389
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. 2020-05-27 7.5 CVE-2020-8606
MISC
MISC
ubiquiti — airmax_xm_and_xw_and_ti_series_devices

We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. 2020-05-26 7.5 CVE-2020-8171
MISC
MISC
MISC
vim — vim
 
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). 2020-05-28 10 CVE-2019-20807
MISC
MISC
wordpress — wordpress
 
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. 2020-05-29 7.5 CVE-2020-13693
MISC
MISC
MISC


 

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
aviatrix — controller
 
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. 2020-05-22 5 CVE-2020-13415
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. 2020-05-22 6.8 CVE-2020-13412
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. 2020-05-22 5 CVE-2020-13414
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. 2020-05-22 5 CVE-2020-13413
MISC
aviatrix — controller
 
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. 2020-05-22 4.3 CVE-2020-13416
MISC
axel — axel

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. 2020-05-26 4.3 CVE-2020-13614
MISC
MISC
centreon — centreon
 
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. 2020-05-27 4.3 CVE-2020-10946
MISC
centreon — centreon
 
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. 2020-05-27 4.3 CVE-2020-13628
MISC
centreon — centreon
 
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. 2020-05-27 4.3 CVE-2020-13627
MISC
cisco — amp_for_endpoints_mac_connector
 
A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. 2020-05-22 5.8 CVE-2020-3314
CISCO
cisco — prime_collaboration_provisioning_software
 
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. 2020-05-22 6.5 CVE-2020-3184
CISCO
drupal — drupal
 
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. 2020-05-28 6.8 CVE-2019-6342
CONFIRM
em-http_request — em-http-request
 
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. 2020-05-25 6.8 CVE-2020-13482
MISC
epson — eb-1470ui_devices

An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. 2020-05-22 6.4 CVE-2020-6091
MISC
ffjpeg — ffjpeg

ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. 2020-05-24 4.3 CVE-2020-13439
MISC
ffjpeg — ffjpeg

ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. 2020-05-24 4.3 CVE-2020-13438
MISC
ffjpeg — ffjpeg

ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. 2020-05-24 4.3 CVE-2020-13440
MISC
fork — fork_cms
 
Fork before 5.8.3 allows XSS via navigation_title or title. 2020-05-27 4.3 CVE-2020-13633
MISC
freerdp — freerdp

FreeRDP less than or equal to 2.0.0 has a possible resource exhaustion vulnerability. Malicious clients could trigger out-of-bounds reads, causing memory allocation with random size. This has been fixed in 2.1.0. 2020-05-29 4 CVE-2020-11018
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. 2020-05-29 5 CVE-2020-11017
CONFIRM
gnome — glib-networking

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server’s TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. 2020-05-28 6.4 CVE-2020-13645
MISC
MISC
grafana_labs — grafana
 
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. 2020-05-24 4.3 CVE-2020-13430
MISC
MISC
CONFIRM
ibm — business_automation_workflow
 
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989. 2020-05-29 5.8 CVE-2020-4490
XF
CONFIRM
ibm — mobilefirst_platform_foundation
 
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207. 2020-05-27 5 CVE-2020-4226
XF
CONFIRM
ibm — mq_for_hpe_nonstop
 
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. 2020-05-29 4.4 CVE-2020-4352
XF
CONFIRM

ibm — security_identity_governance_and_intelligence

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the system due to incorrect authorization. IBM X-Force ID: 175485. 2020-05-28 4 CVE-2020-4249
XF
CONFIRM

ibm — security_identity_governance_and_intelligence

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. 2020-05-28 4 CVE-2020-4248
XF
CONFIRM

ibm — security_identity_governance_and_intelligence

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. 2020-05-28 4 CVE-2020-4231
XF
CONFIRM

ibm — security_identity_governance_and_intelligence

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. 2020-05-28 5 CVE-2020-4233
XF
CONFIRM

ibm — security_identity_governance_and_intelligence

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. 2020-05-28 5 CVE-2020-4244
XF
CONFIRM

ibm — security_identity_governance_and_intelligence

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. 2020-05-28 5 CVE-2020-4245
XF
CONFIRM
ibm — security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. 2020-05-28 5 CVE-2020-4232
XF
CONFIRM
ibm — security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. 2020-05-28 5.5 CVE-2020-4246
XF
CONFIRM

ibm — spectrum_scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. 2020-05-27 5 CVE-2020-4350
XF
CONFIRM
ibm — spectrum_scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crafted HTTP POST command. IBM X-Force ID: 179157. 2020-05-27 4 CVE-2020-4378
XF
CONFIRM
ibm — spectrum_scale
 
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. 2020-05-27 5 CVE-2020-4349
XF
CONFIRM
ibm — spectrum_scale
 
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. 2020-05-27 4 CVE-2020-4357
XF
CONFIRM
ibm — spectrum_scale
 
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414. 2020-05-27 4 CVE-2020-4348
XF
CONFIRM
ibm — spectrum_scale
 
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. 2020-05-27 5 CVE-2020-4379
XF
CONFIRM
jerryscript — jerryscript

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. 2020-05-27 5 CVE-2020-13623
MISC
jerryscript — jerryscript
 
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. 2020-05-28 5 CVE-2020-13649
MISC
MISC
MISC
jerryscript — jerryscript
 
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. 2020-05-27 5 CVE-2020-13622
MISC
MISC
joomla! — joomla!
 
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. 2020-05-23 4 CVE-2020-13424
MISC
kaminari — kaminari

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. 2020-05-28 4.3 CVE-2020-11082
MISC
MISC
CONFIRM
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. 2020-05-27 5 CVE-2019-20806
MISC
MISC
MISC
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol’s category bitmap into the SELinux extensible bitmap via the ‘ebitmap_netlbl_import’ routine. While processing the CIPSO restricted bitmap tag in the ‘cipso_v4_parsetag_rbm’ routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. 2020-05-22 5 CVE-2020-10711
CONFIRM
CONFIRM
meinheld — meinheld

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. 2020-05-22 4.3 CVE-2020-7658
MISC
MISC
monstra — monstra_cms

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. 2020-05-22 6.5 CVE-2020-13384
MISC
mozilla — firefox
 
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. 2020-05-26 5 CVE-2020-12391
MISC
MISC
mozilla — firefox_and_firefox_esr_and_thunderbird
 
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. 2020-05-26 6.8 CVE-2020-12387
MISC
MISC
MISC
MISC
mozilla — firefox_and_firefox_esr_and_thunderbird
 
The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. 2020-05-26 4.6 CVE-2020-12393
MISC
MISC
MISC
MISC
mozilla — firefox_for_ios
 
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can’t call the bridging functions. That token was being used for JS-to-native also, but it isn’t needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25. 2020-05-26 5 CVE-2020-6830
MISC
MISC
mozilla — thunderbird
 
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. 2020-05-22 4.3 CVE-2020-12397
MISC
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. 2020-05-28 4.3 CVE-2020-13245
MISC
MISC
netqmail — netqmail
 
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. 2020-05-26 5 CVE-2020-3811
CONFIRM
MISC
CONFIRM
pi-hole — pi-hole
 
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. 2020-05-29 6.5 CVE-2020-8816
CONFIRM
MISC
pichi — pichi
 
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. 2020-05-26 4.3 CVE-2020-13616
MISC
MISC
pixel_&_tonic — craft_cms

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. 2020-05-25 5.8 CVE-2020-13486
MISC
pixel_&_tonic — craft_cms
 
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. 2020-05-25 6.4 CVE-2020-13485
MISC
MISC
pixel_&_tonic — craft_cms
 
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. 2020-05-25 6.8 CVE-2020-13458
MISC
protocol_labs — aegir
 
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1. 2020-05-27 5 CVE-2020-11059
CONFIRM
puma_gem_for_ruby_on_rails — puma_gem_for_ruby_on_rails

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request’s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. 2020-05-22 5 CVE-2020-11077
MISC
CONFIRM
puma_gem_for_ruby_on_rails — puma_gem_for_ruby_on_rails
 
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. 2020-05-22 5 CVE-2020-11076
MISC
MISC
CONFIRM
qore — qore
 
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. 2020-05-26 4.3 CVE-2020-13615
MISC
MISC
red_hat — undertow
 
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. 2020-05-26 6.4 CVE-2020-10719
CONFIRM
sqlite — sqlite
 
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. 2020-05-24 5 CVE-2020-13435
CONFIRM
MISC
sqlite — sqlite
 
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. 2020-05-24 5 CVE-2020-13434
MLIST
CONFIRM
MISC
MISC
sqlite — sqlite
 
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. 2020-05-27 5 CVE-2020-13631
MISC
MISC
sqlite — sqlite
 
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. 2020-05-27 5 CVE-2020-13632
MISC
MISC

teradici — pcoip_standard_agent_for_windows_and_pcoip_graphics_agent_for_windows

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe. 2020-05-28 4.6 CVE-2020-13173
CONFIRM
trackr — multiple_devices
 
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. 2020-05-23 6.8 CVE-2020-13425
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. 2020-05-27 6.5 CVE-2020-8605
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations. 2020-05-27 5 CVE-2020-8604
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-05-27 4.3 CVE-2020-8603
MISC
MISC
ubiquiti — airmax_xm_and_xw_and_ti_series_devices
 
We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user’s session information and/or account takeover of the admin user. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. 2020-05-26 4.3 CVE-2020-8170
MISC
MISC
MISC
ubiquiti — airmax_xm_and_xw_and_ti_series_devices
 
We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device’s firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. 2020-05-26 6.8 CVE-2020-8168
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim’s browser. 2020-05-28 6.8 CVE-2020-13642
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim’s browser. 2020-05-28 6.8 CVE-2020-13643
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that to be executed later in the victim’s browser. 2020-05-28 6.8 CVE-2020-13641
MISC
MISC
wordpress — wordpress
 
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. 2020-05-29 6.5 CVE-2020-12675
MISC
MISC
youhua — windows_master
 
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558. 2020-05-29 6.1 CVE-2020-13634
MISC
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
centreon — centreon
 
Centreon before 19.10.7 exposes Session IDs in server responses. 2020-05-27 3.3 CVE-2020-10945
MISC
cisco — endpoints_linux_connector_software_and_endpoints_mac_connector_software
 
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. 2020-05-22 2.1 CVE-2020-3344
CISCO
cisco — endpoints_linux_connector_software_and_endpoints_mac_connector_software
 
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. 2020-05-22 2.1 CVE-2020-3343
CISCO
cmsmadesimple — cms_made_simple
 
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. 2020-05-28 3.5 CVE-2020-13660
MISC
MISC
cybozu — kintone_mobile_for_android
 
Android App ‘kintone mobile for Android’ 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. 2020-05-29 2.1 CVE-2020-5573
MISC
MISC
cybozu — mailwise_for_android
 
Android App ‘Mailwise for Android’ 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. 2020-05-29 2.1 CVE-2020-5572
MISC
MISC
dell — client_consumer_and_commercial_docking_stations
 
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. 2020-05-28 2.6 CVE-2020-5357
MISC
freerdp — freerdp
 
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. 2020-05-22 2.1 CVE-2020-13396
MISC
MISC
MISC
freerdp — freerdp
 
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. 2020-05-22 2.1 CVE-2020-13398
MISC
MISC
MISC
freerdp — freerdp
 
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. 2020-05-22 2.1 CVE-2020-13397
MISC
MISC
MISC
grafana_labs — grafana
 
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. 2020-05-24 3.5 CVE-2020-13429
MISC
MISC
huawei — p30_smartphones
 
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work. An attacker would need to establish an NFC connection to the target phone and then perform a series of operations on the target phone. Successful exploitation could allow a guest user to perform certain operations beyond the guest user’s privileges. 2020-05-29 2.1 CVE-2020-1798
CONFIRM
ibm — jazz_reporting_service
 
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071. 2020-05-28 3.5 CVE-2020-4419
XF
CONFIRM
ibm — planning_analytics_local
 
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. 2020-05-29 3.5 CVE-2020-4306
XF
CONFIRM
ibm — spectrum_scale
 
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. 2020-05-27 3.5 CVE-2020-4358
XF
CONFIRM
mozilla — firefox
 
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76. 2020-05-26 2.1 CVE-2020-12394
MISC
MISC
mozilla — firefox_and_firefox_esr_and_thunderbird
 
The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. 2020-05-26 2.1 CVE-2020-12392
MISC
MISC
MISC
MISC
netqmail — netqmail
 
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker’s home directory, without dropping its privileges first. 2020-05-26 2.1 CVE-2020-3812
CONFIRM
MISC
CONFIRM
ocproducts — composr
 
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. 2020-05-22 3.5 CVE-2020-8789
MISC
FULLDISC
pixel_&_tonic — craft_cms
 
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. 2020-05-25 3.5 CVE-2020-13459
MISC
qemu — qemu
 
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. 2020-05-27 2.1 CVE-2020-13253
CONFIRM
CONFIRM
MISC
qemu — qemu
 
In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. 2020-05-28 2.1 CVE-2020-13361
CONFIRM
MISC
qemu — qemu
 
In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. 2020-05-28 2.1 CVE-2020-13362
CONFIRM
MISC
MISC
wordpress — wordpress
 
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. 2020-05-26 3.5 CVE-2020-13487
MISC
MISC
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. 2020-05-28 3.5 CVE-2020-13644
MISC
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — device_library_wizard
 
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low-privilege user to read a file that contains confidential data. 2020-05-29 not yet calculated CVE-2020-8482
CONFIRM
anchore — engine
 
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as – including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engine analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to ‘root’ then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1. 2020-05-27 not yet calculated CVE-2020-11075
MISC
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11089
MISC
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11088
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11086
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11085
MISC
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11043
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, …). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11041
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11040
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11039
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11038
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, when running with logger set to “WLOG_TRACE”, a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11019
CONFIRM
freerdp — freerdp
 
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. 2020-05-29 not yet calculated CVE-2020-11087
MISC
CONFIRM
huawei — cloudengine_12800_products
 
CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. 2020-05-29 not yet calculated CVE-2020-1870
CONFIRM
huawei — e6878-370_products
 
E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message. Successful exploitation could lead to a stack buffer overflow, which may cause malicious code execution. 2020-05-29 not yet calculated CVE-2020-1832
CONFIRM
huawei — honor_9x_smartphones
 
Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling the clock function. An attacker would need to perform a series of crafted operations quickly before the phone is unlocked. Successful exploitation could allow the attacker to access clock information without unlocking the phone. 2020-05-29 not yet calculated CVE-2020-1833
CONFIRM
huawei — mate_10_smartphones
 
HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. An attacker could wake up the voice assistant and then perform a series of crafted voice operations. Successful exploitation could allow the attacker to read certain files without unlocking the phone, leading to information disclosure. 2020-05-29 not yet calculated CVE-2020-1809
CONFIRM
huawei — mate_20_smartphones
 
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the usage time of certain users. Successful exploitation could allow the user to break the limit of the digital balance function after a series of operations with a PC. 2020-05-29 not yet calculated CVE-2020-1831
CONFIRM
huawei — mate_20_smartphones
 
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operations in ADB mode. Successful exploitation could allow certain users to break the limit of the digital balance function. 2020-05-29 not yet calculated CVE-2020-1797
CONFIRM
kantech — entrapass_editions
 
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. 2020-05-26 not yet calculated CVE-2020-9046
CONFIRM
CERT
linux — linux_kernel
 
A flaw was found in the Linux kernel’s SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. 2020-05-26 not yet calculated CVE-2020-10751
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
micro_focus — service_management_automation
 
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. 2020-05-29 not yet calculated CVE-2020-11844
CONFIRM
mulesoft — mule_ce/ee
 
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. 2020-05-29 not yet calculated CVE-2020-6937
CONFIRM
oddjob-mkhomedir — oddjob-mkhomedir
 
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home’s user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink pointing to a target folder, which then has its ownership transferred to the new home directory’s unprivileged user. 2020-05-27 not yet calculated CVE-2020-10737
CONFIRM
CONFIRM
smartdraw — smartdraw_2020
 
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn’t exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine. 2020-05-27 not yet calculated CVE-2020-13386
MISC
swarcos — cpu_ls4000_series_devices
 
An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4… grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. 2020-05-29 not yet calculated CVE-2020-12493
CONFIRM
snyk-broker — snyk-broker
 
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network by creating symlinks to match whitelisted paths. 2020-05-29 not yet calculated CVE-2020-7653
MISC
MISC
snyk-broker — snyk-broker
 
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. 2020-05-29 not yet calculated CVE-2020-7654
MISC
MISC
snyk-broker — snyk-broker
 
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk’s internal network via patch history from GitHub Commits API. 2020-05-29 not yet calculated CVE-2020-7651
MISC
MISC
snyk-broker — snyk-broker
 
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal. 2020-05-29 not yet calculated CVE-2020-7652
MISC
MISC
snyk-broker — snyk-broker
 
All versions of snyk-broker after and including 4.72.0 and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk’s internal network of any files ending in the following extensions: yaml, yml or json. 2020-05-29 not yet calculated CVE-2020-7650
MISC
MISC
snyk-broker — snyk-broker
 
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk’s internal network by appending the URL with a fragment identifier and a whitelisted path, e.g. `#package.json`. 2020-05-29 not yet calculated CVE-2020-7648
MISC
MISC
vivotek — network_cameras
 
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. 2020-05-28 not yet calculated CVE-2020-11950
CONFIRM
vivotek — network_cameras
 
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera’s local filesystem. For example, this affects IT9388-HT devices. 2020-05-28 not yet calculated CVE-2020-11949
CONFIRM
vmware — multiple_products
 
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. 2020-05-29 not yet calculated CVE-2020-3957
CONFIRM
vmware — multiple_products
 
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine’s vmx process leading to a denial of service condition. 2020-05-29 not yet calculated CVE-2020-3958
CONFIRM
vmware — multiple_products
 
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine’s vmx process leading to a partial denial of service. 2020-05-29 not yet calculated CVE-2020-3959
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.