Original release date: May 11, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — syncope |
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. | 2020-05-04 | 7.5 | CVE-2020-1961 MISC |
| apache — syncope |
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. | 2020-05-04 | 7.5 | CVE-2020-1959 MISC |
| calibre-web — calibre-web |
Calibre-Web 0.6.6 allows authentication bypass because of the ‘A0Zr98j/3yX R~XHH!jmN]LWX/,?RT’ hardcoded secret key. | 2020-05-04 | 7.5 | CVE-2020-12627 MISC |
|
cisco — fire_power_management_center_and_firepower_user_agent |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-05-06 | 7.5 | CVE-2020-3318 CISCO |
| dell — client_platforms |
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | 2020-05-04 | 7.2 | CVE-2020-5343 MISC |
| dom4j — dom4j |
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. | 2020-05-01 | 7.5 | CVE-2020-10683 MISC MISC CONFIRM CONFIRM |
| fonality — trixbox_community_edition |
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the “asterisk” user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. | 2020-05-01 | 9 | CVE-2020-7351 MISC MISC |
| google — chrome-launcher |
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | 2020-05-02 | 7.5 | CVE-2020-7645 MISC |
| ibm — data_risk_manager | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | 2020-05-07 | 9 | CVE-2020-4428 XF CONFIRM |
| ibm — data_risk_manager |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. | 2020-05-07 | 10 | CVE-2020-4429 XF CONFIRM |
| ibm — data_risk_manager |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | 2020-05-07 | 9 | CVE-2020-4427 XF CONFIRM |
| linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. | 2020-05-05 | 7.2 | CVE-2020-12659 MISC MISC MISC MISC |
| linux — linux_kernel |
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. | 2020-05-05 | 7.5 | CVE-2020-12654 MLIST MISC MISC MISC |
| oklok — oklok |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | 2020-05-04 | 7.5 | CVE-2020-8790 MISC |
| roundcube — webmail |
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | 2020-05-04 | 7.5 | CVE-2020-12641 MISC MISC MISC MISC |
| roundcube — webmail |
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | 2020-05-04 | 7.5 | CVE-2020-12640 MISC MISC MISC MISC |
| rsa — archer |
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. | 2020-05-04 | 9 | CVE-2020-5332 MISC |
| samsung — multiple_mobile_devices |
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung’s Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. | 2020-05-06 | 10 | CVE-2020-8899 MISC CONFIRM CONFIRM |
| ubiquiti — unifi_cloud_key_devices |
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | 2020-05-02 | 7.2 | CVE-2020-8157 CONFIRM CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accusoft — imagegear |
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2020-05-06 | 6.8 | CVE-2020-6076 MISC |
| accusoft — imagegear |
An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2020-05-06 | 6.8 | CVE-2020-6075 MISC |
| accusoft — imagegear |
An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2020-05-06 | 6.8 | CVE-2020-6082 MISC |
| accusoft — imagegear |
An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2020-05-06 | 6.8 | CVE-2020-6094 MISC |
| ayision — ays-wr01_v28k_devices |
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. | 2020-05-05 | 4.3 | CVE-2019-19515 MISC |
| blueonyx — 5209r |
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. | 2020-05-05 | 4.3 | CVE-2020-5517 MISC |
| cisco — firepower_management_center |
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or to access sensitive, browser-based information. | 2020-05-06 | 4.3 | CVE-2020-3313 CISCO |
|
cisco — multiple_products |
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. | 2020-05-06 | 4 | CVE-2020-3329 CISCO |
| citrix — sharefile_storagezones_controller |
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer’s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983 but has essentially the same risk. | 2020-05-07 | 5 | CVE-2020-8982 CONFIRM |
| citrix — sharefile_storagezones_controller |
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer’s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982 but has essentially the same risk. | 2020-05-07 | 5 | CVE-2020-8983 CONFIRM |
| commscope — ruckus_devices |
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | 2020-05-05 | 6.8 | CVE-2020-8830 MISC |
| commscope — ruckus_r500_devices |
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. | 2020-05-05 | 4.3 | CVE-2020-8033 MISC |
| dolibarr — dolibarr |
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | 2020-05-06 | 6.5 | CVE-2020-12669 MISC MISC |
| doorkeeper — doorkeeper |
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. | 2020-05-04 | 4.3 | CVE-2020-10187 MISC MISC MISC MISC |
| glpi_project — glpi | In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6. | 2020-05-05 | 5.8 | CVE-2020-11034 CONFIRM |
| glpi_project — glpi
|
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6. | 2020-05-05 | 6.4 | CVE-2020-11035 CONFIRM |
| glpi_project — glpi |
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. | 2020-05-05 | 6.5 | CVE-2020-11032 CONFIRM |
| gnu — mailman |
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | 2020-05-06 | 4.3 | CVE-2020-12108 CONFIRM MISC MLIST MISC |
| google — earth_pro |
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3. | 2020-05-04 | 4.3 | CVE-2020-8896 CONFIRM |
| google — tensorflow |
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. | 2020-05-04 | 4.3 | CVE-2018-21233 MISC MISC |
| graphicsmagick — graphicsmagick |
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | 2020-05-06 | 5 | CVE-2020-12672 MISC |
| gurbalib — gurbalib |
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | 2020-05-05 | 5 | CVE-2020-12649 MISC |
| hcl — connections |
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | 2020-05-01 | 5.8 | CVE-2019-4209 CONFIRM |
| ibm — business_process_manager |
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126. | 2020-05-06 | 4 | CVE-2020-4446 XF CONFIRM |
| ibm — data_risk_manager |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | 2020-05-07 | 4 | CVE-2020-4430 XF CONFIRM |
| ibm — spectrum_protect_plus |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. | 2020-05-04 | 5.5 | CVE-2020-4209 XF CONFIRM |
| intelbras — cip_92200_devices |
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | 2020-05-05 | 6.8 | CVE-2020-8829 MISC |
| intelbras — rf1200_devices |
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. | 2020-05-05 | 6.8 | CVE-2019-19517 MISC |
| jenkins — jenkins |
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | 2020-05-06 | 4.3 | CVE-2020-2186 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-05-06 | 6.5 | CVE-2020-2189 MLIST CONFIRM |
| juniper — junos |
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with ‘world’ readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user ‘nobody’, the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with ‘world’ readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 – S 0:00.13 /usr/sbin/httpd-gk -N 5797 – I 0:00.10 /usr/sbin/httpd –config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns “=*;*&” or “*%3b*&” in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match “=*;*&|=*%3b*&” If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match “=*;*&|=*%3b*&” user@device> show log httpd.log.1.gz | match “=*;*&|=*%3b*&” Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. | 2020-05-04 | 6.8 | CVE-2020-1631 CONFIRM |
| lcds — laquis_scada |
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. | 2020-05-04 | 4.3 | CVE-2020-10618 MISC |
| lcds — laquis_scada |
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | 2020-05-04 | 6.8 | CVE-2020-10622 MISC |
| leptoncms — leptoncms |
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. | 2020-05-07 | 4.3 | CVE-2020-12707 MISC |
| leptoncms — leptoncms |
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | 2020-05-07 | 4.3 | CVE-2020-12705 MISC |
| linux — linux_kernel |
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. | 2020-05-05 | 4.6 | CVE-2020-12653 MLIST MISC MISC MISC |
| linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. | 2020-05-05 | 4.6 | CVE-2020-12657 MISC MISC MISC MISC |
| linux — linux_kernel |
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a “double fetch” vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states “The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power.” | 2020-05-05 | 6.9 | CVE-2020-12652 MISC MISC MISC |
| macaron — macaron |
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. | 2020-05-05 | 5.8 | CVE-2020-12666 MISC MISC |
| moxa — nport_5150a_devices |
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect. | 2020-05-01 | 5 | CVE-2020-12117 CONFIRM |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. | 2020-05-05 | 4.6 | CVE-2017-18867 MISC |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104. | 2020-05-05 | 5.8 | CVE-2017-18864 MISC |
| netgear — multiple_devices |
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. | 2020-05-05 | 4.3 | CVE-2017-18866 MISC |
| netgear — r8300_and_r8500_devices |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. | 2020-05-05 | 5.2 | CVE-2017-18865 MISC |
| oklok — oklok |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. | 2020-05-04 | 5 | CVE-2020-10876 MISC MISC |
| oklok — oklok |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users’ email addresses and lock names. | 2020-05-04 | 5 | CVE-2020-8792 MISC |
| openvpn — openvpn_access_server |
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable. | 2020-05-04 | 4.3 | CVE-2020-11462 MISC |
| phplist — phplist |
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | 2020-05-04 | 4.3 | CVE-2020-12639 MISC MISC |
| red_hat — jboss_keycloak |
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. | 2020-05-04 | 6.5 | CVE-2020-10686 CONFIRM |
| report_portal — service-api |
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import. | 2020-05-04 | 5 | CVE-2020-12642 CONFIRM |
| roundcube — webmail |
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | 2020-05-04 | 4.3 | CVE-2020-12626 MISC MISC MISC MISC DEBIAN |
| roundcube — webmail |
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | 2020-05-04 | 4.3 | CVE-2020-12625 MISC MISC MISC DEBIAN |
| rsa — archer |
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | 2020-05-04 | 5.8 | CVE-2020-5337 MISC |
| rsa — archer |
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. | 2020-05-04 | 6.8 | CVE-2020-5335 MISC |
| rsa — archer |
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. | 2020-05-04 | 4 | CVE-2020-5333 MISC |
| rsa — archer |
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system. | 2020-05-04 | 5.8 | CVE-2020-5336 MISC |
| rsa — archer |
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. | 2020-05-04 | 4.3 | CVE-2020-5334 MISC |
| ruby — ruby |
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. | 2020-05-04 | 5 | CVE-2020-10933 CONFIRM |
| ruckus — r500_devices |
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. | 2020-05-05 | 5.8 | CVE-2020-7983 MISC |
| samba — samba |
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled ‘Paged Results’ control is combined with the ‘ASQ’ control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | 2020-05-04 | 5 | CVE-2020-10700 CONFIRM FEDORA FEDORA FEDORA MISC |
| soteria — soteria |
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. | 2020-05-04 | 4.9 | CVE-2020-1732 CONFIRM CONFIRM |
| synology — router_manager |
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | 2020-05-04 | 5 | CVE-2019-11823 CONFIRM MISC |
| teampass — teampass |
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. | 2020-05-04 | 5.8 | CVE-2020-11671 MISC |
| telegram — telegram_and_telegram desktop |
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. | 2020-05-01 | 4.3 | CVE-2020-12474 MISC |
| the_league — the_league |
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions. | 2020-05-03 | 4.3 | CVE-2020-12624 MISC |
| tobesoft — xplatform |
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution. | 2020-05-06 | 4.4 | CVE-2019-19166 MISC MISC |
| ulicms — ulicms |
UliCMS before 2020.2 has XSS during PackageController uninstall. | 2020-05-07 | 4.3 | CVE-2020-12703 MISC |
| ulicms — ulicms |
UliCMS before 2020.2 has PageController stored XSS. | 2020-05-07 | 4.3 | CVE-2020-12704 MISC |
| wordpress — wordpress |
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. | 2020-05-05 | 6.5 | CVE-2020-12104 MISC MISC |
| wordpress — wordpress |
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. | 2020-05-06 | 4.3 | CVE-2020-11727 MISC MISC MISC MISC |
| zimbra — web_client |
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a “www” substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2. | 2020-05-05 | 4.3 | CVE-2020-11737 CONFIRM MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — syncope |
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string. | 2020-05-04 | 3.5 | CVE-2019-17557 MISC |
| avision — ays-wr01_devices |
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID. | 2020-05-05 | 3.5 | CVE-2019-19514 MISC |
|
cisco — firepower_management_center_and_firepower_user_agent |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-05-06 | 2.1 | CVE-2020-3301 CISCO |
| enhancesoft — osticket |
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. | 2020-05-04 | 3.5 | CVE-2020-12629 MISC MISC EXPLOIT-DB |
| glpi_project — glpi |
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content “<script>alert(1)</script>” reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `” onmouseover=”alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the “last update” field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6. | 2020-05-05 | 3.5 | CVE-2020-11036 CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. | 2020-05-06 | 3.5 | CVE-2020-4384 XF CONFIRM |
| ibm — maximo_anywhere |
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199. | 2020-05-06 | 2.1 | CVE-2019-4266 XF CONFIRM |
| linux — linux_kernel |
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. | 2020-05-05 | 2.1 | CVE-2020-12655 MISC MISC MISC |
| linux — linux_kernel |
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. | 2020-05-05 | 2.1 | CVE-2020-12656 MISC |
| linux — linux_kernel |
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. | 2020-05-04 | 1.9 | CVE-2020-12114 MISC |
| qemu — qemu |
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. | 2020-05-04 | 2.1 | CVE-2020-10717 CONFIRM MISC MISC MISC |
| requarks.io — wiki.js |
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81. | 2020-05-05 | 3.5 | CVE-2020-11051 MISC CONFIRM |
| rsa — archer |
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | 2020-05-04 | 2.1 | CVE-2020-5331 MISC |
| simplisafe — ss3_devices |
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system. | 2020-05-02 | 2.1 | CVE-2020-5727 CONFIRM |
| tp-link — omada_controller |
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | 2020-05-04 | 2.1 | CVE-2020-12475 MISC |
| wordpress — wordpress |
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. | 2020-05-05 | 3.5 | CVE-2020-8799 MISC CONFIRM |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3s-smart_software_solutions — codesys_runtime |
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2020-05-07 | not yet calculated | CVE-2020-6081 MISC |
| advantech — webaccess_node | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | 2020-05-08 | not yet calculated | CVE-2020-10638 MISC MISC MISC MISC MISC MISC MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | 2020-05-08 | not yet calculated | CVE-2020-12010 MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | 2020-05-08 | not yet calculated | CVE-2020-12002 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | 2020-05-08 | not yet calculated | CVE-2020-12006 MISC MISC MISC MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | 2020-05-08 | not yet calculated | CVE-2020-12014 MISC MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. | 2020-05-08 | not yet calculated | CVE-2020-12018 MISC MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. | 2020-05-08 | not yet calculated | CVE-2020-12022 MISC MISC |
| advantech — webaccess_node |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | 2020-05-08 | not yet calculated | CVE-2020-12026 MISC MISC |
| appneta — tcpreplay |
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | 2020-05-08 | not yet calculated | CVE-2020-12740 MISC |
| assa_abloy — yale_wipc-301w_ip_cameras | ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. | 2020-05-07 | not yet calculated | CVE-2020-10176 MISC |
| atto — fibrebridge_7500n_devices | ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS). | 2020-05-07 | not yet calculated | CVE-2018-5493 MISC |
| avira — software_updater |
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files. | 2020-05-05 | not yet calculated | CVE-2020-12463 CONFIRM |
| barrel_strength_design — sprout_forms | In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0. | 2020-05-07 | not yet calculated | CVE-2020-11056 MISC CONFIRM |
| blaauw — remote_kiln_control | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | 2020-05-07 | not yet calculated | CVE-2019-18866 MISC |
| blaauw — remote_kiln_control | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | 2020-05-07 | not yet calculated | CVE-2019-18868 MISC MISC |
| blaauw — remote_kiln_control | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | 2020-05-07 | not yet calculated | CVE-2019-18869 MISC |
| blaauw — remote_kiln_control | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | 2020-05-07 | not yet calculated | CVE-2019-18872 MISC |
| blaauw — remote_kiln_control |
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | 2020-05-07 | not yet calculated | CVE-2019-18865 MISC MISC |
| blaauw — remote_kiln_control |
/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | 2020-05-07 | not yet calculated | CVE-2019-18864 MISC |
| blaauw — remote_kiln_control |
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. | 2020-05-07 | not yet calculated | CVE-2019-18867 MISC |
| blaauw — remote_kiln_control |
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | 2020-05-07 | not yet calculated | CVE-2019-18870 MISC |
| blaauw — remote_kiln_control |
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | 2020-05-07 | not yet calculated | CVE-2019-18871 MISC |
| bookstack — bookstack |
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines. This most impacts scenarios where not-trusted users are given permission to create comments. This has been fixed in 0.29.2. | 2020-05-07 | not yet calculated | CVE-2020-11055 MISC MISC CONFIRM |
| canonical — unity8 |
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1. | 2020-05-07 | not yet calculated | CVE-2015-7946 CONFIRM |
| cisco — adaptive_security_appliance |
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device. This malicious response would not have been authenticated by the KDC. A successful attack could allow an attacker to bypass Kerberos authentication. | 2020-05-06 | not yet calculated | CVE-2020-3125 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the ARP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of ARP packets received by the management interface of an affected device. An attacker could exploit this vulnerability by sending a series of unicast ARP packets in a short timeframe that would reach the management interface of an affected device. A successful exploit could allow the attacker to consume resources on an affected device, which would prevent the device from sending internal system keepalives and eventually cause the device to reload, resulting in a denial of service (DoS) condition. | 2020-05-06 | not yet calculated | CVE-2020-3334 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2020-05-06 | not yet calculated | CVE-2020-3259 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only. | 2020-05-06 | not yet calculated | CVE-2020-3191 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device. | 2020-05-06 | not yet calculated | CVE-2020-3254 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device. | 2020-05-06 | not yet calculated | CVE-2020-3196 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2020-05-06 | not yet calculated | CVE-2020-3305 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2020-05-06 | not yet calculated | CVE-2020-3303 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. | 2020-05-06 | not yet calculated | CVE-2020-3187 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. | 2020-05-06 | not yet calculated | CVE-2020-3298 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition. | 2020-05-06 | not yet calculated | CVE-2020-3195 CISCO |
|
cisco — adaptive_security_appliance_and_firepower_threat_defense |
A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2020-05-06 | not yet calculated | CVE-2020-3306 CISCO |
| cisco — content_security_management_appliance |
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. | 2020-05-06 | not yet calculated | CVE-2020-3178 CISCO |
| cisco — firepower_1000_series_devices |
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload. | 2020-05-06 | not yet calculated | CVE-2020-3283 CISCO |
| cisco — firepower_device_manager_on-box |
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. | 2020-05-06 | not yet calculated | CVE-2020-3310 CISCO |
| cisco — firepower_device_manager_on-box |
A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device. | 2020-05-06 | not yet calculated | CVE-2020-3309 CISCO |
| cisco — firepower_management_center | A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. | 2020-05-06 | not yet calculated | CVE-2020-3302 CISCO |
| cisco — firepower_management_center |
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a specific malicious web page. | 2020-05-06 | not yet calculated | CVE-2020-3311 CISCO |
| cisco — firepower_management_center |
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. | 2020-05-06 | not yet calculated | CVE-2020-3307 CISCO |
|
cisco — firepower_threat_defense |
A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. | 2020-05-06 | not yet calculated | CVE-2020-3312 CISCO |
|
cisco — firepower_threat_defense |
A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL. The vulnerability is due to a logic error with Snort handling of the connection with the TLS 1.3 policy and URL category configuration. An attacker could exploit this vulnerability by sending crafted TLS 1.3 connections to an affected device. A successful exploit could allow the attacker to bypass the TLS 1.3 policy and access URLs that are outside the affected device and normally would be dropped. | 2020-05-06 | not yet calculated | CVE-2020-3285 CISCO |
|
cisco — firepower_threat_defense |
A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states. | 2020-05-06 | not yet calculated | CVE-2020-3255 CISCO |
|
cisco — firepower_threat_defense |
A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. | 2020-05-06 | not yet calculated | CVE-2020-3308 CISCO |
|
cisco — firepower_threat_defense |
A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device. | 2020-05-06 | not yet calculated | CVE-2020-3253 CISCO |
| cisco — firepower_threat_defense |
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | 2020-05-06 | not yet calculated | CVE-2020-3179 CISCO |
| cisco — firepower_threat_defense |
A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied. | 2020-05-06 | not yet calculated | CVE-2020-3186 CISCO |
| cisco — firepower_threat_defense |
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only. | 2020-05-06 | not yet calculated | CVE-2020-3188 CISCO |
| cisco — firepower_threat_defense |
A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default. | 2020-05-06 | not yet calculated | CVE-2020-3189 CISCO |
| cisco — hosted_collaboration_mediation_fulfillment |
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information. | 2020-05-06 | not yet calculated | CVE-2020-3256 CISCO |
| cisco — multiple_products |
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. | 2020-05-06 | not yet calculated | CVE-2020-3315 CISCO |
| cisco — umbrella |
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user. | 2020-05-06 | not yet calculated | CVE-2020-3246 CISCO |
| citrix –sharefile_storagezones_controller |
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer’s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk. | 2020-05-07 | not yet calculated | CVE-2020-7473 CONFIRM |
| cososys — endpoint_protector |
CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. | 2020-05-04 | not yet calculated | CVE-2019-13285 MISC MISC |
| dext5 — dext5_upload | Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | 2020-05-06 | not yet calculated | CVE-2019-19169 MISC MISC |
| dext5 — dext5_upload |
Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | 2020-05-06 | not yet calculated | CVE-2019-19168 MISC MISC |
| dext5 — dext5_upload |
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | 2020-05-07 | not yet calculated | CVE-2019-19164 CONFIRM CONFIRM |
| domainmod — domainmod |
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | 2020-05-08 | not yet calculated | CVE-2020-12735 MISC |
| eaton — intelligent_power_manager |
Incorrect Privilege Assignment vulnerability in Eaton’s Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. | 2020-05-07 | not yet calculated | CVE-2020-6652 MISC |
| eaton — intelligent_power_manager |
Improper Input Validation in Eaton’s Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | 2020-05-07 | not yet calculated | CVE-2020-6651 MISC |
| enlightenment — imlib2 |
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | 2020-05-09 | not yet calculated | CVE-2020-12761 CONFIRM |
| f5 — nginx_controller | On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket. | 2020-05-07 | not yet calculated | CVE-2020-5895 MISC |
| f5 — nginx_controller |
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | 2020-05-07 | not yet calculated | CVE-2020-5894 MISC |
| freerdp — freerdp |
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. | 2020-05-07 | not yet calculated | CVE-2020-11046 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. | 2020-05-07 | not yet calculated | CVE-2020-11045 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. | 2020-05-07 | not yet calculated | CVE-2020-11042 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. | 2020-05-07 | not yet calculated | CVE-2020-11049 MISC MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. | 2020-05-07 | not yet calculated | CVE-2020-11044 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. | 2020-05-07 | not yet calculated | CVE-2020-11047 MISC MISC CONFIRM |
| freerdp — freerdp |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. | 2020-05-07 | not yet calculated | CVE-2020-11048 MISC MISC CONFIRM |
| gira — tks-ip-gateway | Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. | 2020-05-07 | not yet calculated | CVE-2020-10795 MISC |
| gira — tks-ip-gateway |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. | 2020-05-07 | not yet calculated | CVE-2020-10794 MISC |
| gitlab — gitlab_enterprise_edition |
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | 2020-05-07 | not yet calculated | CVE-2020-12448 MISC CONFIRM |
| glip-project — glpi |
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: – All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user. – All personal_tokens can display another users planning. Exploiting this vulnerability requires the api to be enabled, a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6. | 2020-05-05 | not yet calculated | CVE-2020-11033 CONFIRM |
| gnuteca — gnuteca |
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | 2020-05-09 | not yet calculated | CVE-2020-12764 CONFIRM |
| gnuteca — gnuteca |
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | 2020-05-09 | not yet calculated | CVE-2020-12766 CONFIRM |
| grin — grin |
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. | 2020-05-05 | not yet calculated | CVE-2020-12439 CONFIRM CONFIRM CONFIRM |
| hcl — nomad |
“If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content.” | 2020-05-06 | not yet calculated | CVE-2020-4092 MISC |
| hibernate — validator |
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. | 2020-05-06 | not yet calculated | CVE-2020-10693 CONFIRM |
| i-net_software — multiple_products |
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal. | 2020-05-07 | not yet calculated | CVE-2020-11431 MISC CONFIRM CONFIRM CONFIRM |
| ibm — websphere_application_liberty |
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084. | 2020-05-06 | not yet calculated | CVE-2020-4421 XF CONFIRM |
| imgtech — zoneplayer |
IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution. | 2020-05-07 | not yet calculated | CVE-2020-7803 CONFIRM CONFIRM |
| infomark — kt_slim_egg_iml500_and_iml250_devices |
An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. | 2020-05-07 | not yet calculated | CVE-2020-7805 CONFIRM CONFIRM |
| iproute2 — iproute2 | iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. | 2020-05-09 | not yet calculated | CVE-2019-20795 CONFIRM |
| java-websocket — java-websocket |
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0. | 2020-05-07 | not yet calculated | CVE-2020-11050 CONFIRM |
| jenkins — jenkins |
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 2020-05-06 | not yet calculated | CVE-2020-2188 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | 2020-05-06 | not yet calculated | CVE-2020-2183 MLIST CONFIRM |
| jenkins — jenkins |
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | 2020-05-06 | not yet calculated | CVE-2020-2184 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. | 2020-05-06 | not yet calculated | CVE-2020-2182 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | 2020-05-06 | not yet calculated | CVE-2020-2181 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | 2020-05-06 | not yet calculated | CVE-2020-2187 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | 2020-05-06 | not yet calculated | CVE-2020-2185 MLIST CONFIRM |
| json-c — json-c |
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. | 2020-05-09 | not yet calculated | CVE-2020-12762 CONFIRM |
| katyshop2 — katyshop2 |
Katyshop2 before 2.12 has multiple stored XSS issues. | 2020-05-07 | not yet calculated | CVE-2020-12683 MISC MISC |
| kde — kio-extras |
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. | 2020-05-09 | not yet calculated | CVE-2020-12755 CONFIRM |
| ledger — nano_and_s_devices |
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC. | 2020-05-06 | not yet calculated | CVE-2020-6861 MISC CONFIRM |
| libexif — libexif | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | 2020-05-09 | not yet calculated | CVE-2020-12767 CONFIRM |
|
linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | 2020-05-09 | not yet calculated | CVE-2020-12769 CONFIRM CONFIRM CONFIRM |
|
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | 2020-05-09 | not yet calculated | CVE-2020-12770 CONFIRM CONFIRM |
| linux — linux_kernel | An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | 2020-05-09 | not yet calculated | CVE-2020-12771 CONFIRM |
| linux — linux_kernel |
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace’s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. | 2020-05-09 | not yet calculated | CVE-2019-20794 CONFIRM CONFIRM |
| linux — linux_kernel |
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. | 2020-05-08 | not yet calculated | CVE-2019-14898 MISC CONFIRM MISC MISC MISC |
| linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. | 2020-05-09 | not yet calculated | CVE-2020-12768 CONFIRM CONFIRM |
| linux — linux_kernel |
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. | 2020-05-08 | not yet calculated | CVE-2020-10690 CONFIRM |
| maxum_development_corporation — rumpus | An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | 2020-05-08 | not yet calculated | CVE-2020-12737 MISC MISC |
| mcafee — active_response_for_linux |
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7290 CONFIRM |
| mcafee — active_response_for_mac | Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7291 CONFIRM |
| mcafee — active_response_for_windows |
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7289 CONFIRM |
| mcafee — endpoint_security_for_mac |
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 2020-05-08 | not yet calculated | CVE-2020-7265 CONFIRM |
| mcafee — endpoint_security_for_windows |
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 2020-05-08 | not yet calculated | CVE-2020-7264 CONFIRM |
| mcafee — exploit_detection_and_response_for_linux |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7287 CONFIRM |
| mcafee — exploit_detection_and_response_for_mac |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7288 CONFIRM |
| mcafee — exploit_detection_and_response_for_windows |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7286 CONFIRM |
| mcafee — mvision_endpoint |
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | 2020-05-08 | not yet calculated | CVE-2020-7285 CONFIRM |
| mcafee — virusscan_enterprise_for_linux |
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 2020-05-08 | not yet calculated | CVE-2020-7267 CONFIRM |
| mcafee — virusscan_enterprise_for_windows |
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 2020-05-08 | not yet calculated | CVE-2020-7266 CONFIRM |
| mh_sub_i — vbulletin |
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 2020-05-08 | not yet calculated | CVE-2020-12720 MISC |
| micro_focus — verastream_host_integrator |
Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. | 2020-05-04 | not yet calculated | CVE-2020-11842 MISC |
| mitel — shoretel_conference_web_application |
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php. | 2020-05-07 | not yet calculated | CVE-2020-12679 MISC |
| mongodb — mongodb_server |
Improper serialization of internal state in the authorization subsystem in MongoDB Server’s authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior to 4.3.3; 3.6 versions prior to 3.6.18. | 2020-05-06 | not yet calculated | CVE-2020-7921 MISC |
| network_time_foundation — network_time_protocol |
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker’s behalf and send them to the attacker. | 2020-05-06 | not yet calculated | CVE-2018-8956 MISC MISC MISC MISC |
| node-js-libs — curlrequest |
curlrequest through 1.0.1 allows execution of arbitrary commands.It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values. | 2020-05-07 | not yet calculated | CVE-2020-7646 MISC MISC |
| nvidia — multiple_graphics_cards | A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. | 2020-05-08 | not yet calculated | CVE-2012-0953 MISC |
| nvidia — multiple_graphics_cards |
A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53. | 2020-05-08 | not yet calculated | CVE-2012-0952 MISC |
| oauth2_proxy — oauth2_proxy |
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters the validation could be bypassed and allow a redirect to any URL provided. This has been patched in 5.1.1. | 2020-05-07 | not yet calculated | CVE-2020-11053 CONFIRM |
| oklok — oklok |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs. | 2020-05-04 | not yet calculated | CVE-2020-8791 MISC |
| openstack — keystone | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | 2020-05-07 | not yet calculated | CVE-2020-12691 MLIST MISC CONFIRM MISC |
| openstack — keystone |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | 2020-05-07 | not yet calculated | CVE-2020-12689 MLIST MISC CONFIRM MISC |
| openstack — keystone |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. | 2020-05-07 | not yet calculated | CVE-2020-12690 MLIST MISC CONFIRM MISC |
| openstack — keystone |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn’t have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. | 2020-05-07 | not yet calculated | CVE-2020-12692 MLIST MISC CONFIRM MISC |
| php-fusion — php-fusion | In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. | 2020-05-08 | not yet calculated | CVE-2020-12718 MISC |
| php-fusion — php-fusion |
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | 2020-05-07 | not yet calculated | CVE-2020-12708 MISC |
| php-fusion — php-fusion |
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php | 2020-05-07 | not yet calculated | CVE-2020-12706 MISC MISC MISC |
| plex — media_server |
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 2020-05-08 | not yet calculated | CVE-2020-5741 MISC |
| python_packaging_authority — python_package_installer |
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the –extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). | 2020-05-08 | not yet calculated | CVE-2018-20225 MISC MISC |
| qutebrowser — qutebrowser |
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn’t be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. | 2020-05-07 | not yet calculated | CVE-2020-11054 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
| red_hat — jboss_keycloak |
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application. | 2020-05-08 | not yet calculated | CVE-2019-10169 CONFIRM |
| red_hat — jboss_keycloak |
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user. | 2020-05-08 | not yet calculated | CVE-2019-10170 CONFIRM |
|
s._siedle_&_soehne — sg_150-0_smart_gateway |
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | 2020-05-07 | not yet calculated | CVE-2020-9475 MISC |
| s._siedle_&_soehne — sg_150-0_smart_gateway |
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | 2020-05-07 | not yet calculated | CVE-2020-9474 MISC |
| sae_it-systems — fw-50_remote_telemetry_unit | SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. | 2020-05-05 | not yet calculated | CVE-2020-10630 MISC |
| sae_it-systems — fw-50_remote_telemetry_unit |
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. | 2020-05-05 | not yet calculated | CVE-2020-10634 MISC |
| samba — samba |
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | 2020-05-06 | not yet calculated | CVE-2020-10704 CONFIRM FEDORA FEDORA MISC |
| samsung — multiple_mobile_devices |
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | 2020-05-08 | not yet calculated | CVE-2020-6616 MISC MISC MISC CONFIRM MISC MISC |
| serpico_project — serpico |
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database. | 2020-05-07 | not yet calculated | CVE-2020-12687 MISC MISC |
| servicenow — it_service_management |
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. | 2020-05-05 | not yet calculated | CVE-2019-20768 MISC MISC |
| shopizer — shopizer |
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. | 2020-05-08 | not yet calculated | CVE-2020-11006 MISC CONFIRM |
| silver_peak — multiple_products |
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. | 2020-05-05 | not yet calculated | CVE-2020-12142 CONFIRM |
| silver_peak — multiple_products |
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | 2020-05-05 | not yet calculated | CVE-2020-12143 CONFIRM |
| silver_peak — multiple_products |
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. | 2020-05-05 | not yet calculated | CVE-2020-12144 CONFIRM |
| solarwinds — msp_patch_management_engine |
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%SolarWinds MSPSolarWinds.MSP.CacheServiceconfig. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. | 2020-05-07 | not yet calculated | CVE-2020-12608 MISC FULLDISC MISC |
| solarwinds — network_performance_monitor_and_netpath |
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | 2020-05-04 | not yet calculated | CVE-2019-12864 MISC MISC |
| solis_miolo — solis_miolo | Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | 2020-05-09 | not yet calculated | CVE-2020-12765 CONFIRM |
| sorcery_gem_for_ruby_on_rails — sorcery_gem_for_ruby_on_rails |
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0. | 2020-05-07 | not yet calculated | CVE-2020-11052 MISC MISC MISC CONFIRM |
| suse — linux_enterprise_server_15_sp1 |
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions; | 2020-05-04 | not yet calculated | CVE-2020-8018 CONFIRM |
| techsmith — snagit |
In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. | 2020-05-08 | not yet calculated | CVE-2020-11541 CONFIRM |
| tecnick — tcexam |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | 2020-05-07 | not yet calculated | CVE-2020-5750 MISC |
| tecnick — tcexam |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | 2020-05-07 | not yet calculated | CVE-2020-5751 MISC |
| tecnick — tcexam |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | 2020-05-07 | not yet calculated | CVE-2020-5747 MISC |
| tecnick — tcexam |
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | 2020-05-07 | not yet calculated | CVE-2020-5744 MISC |
| tecnick — tcexam |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | 2020-05-07 | not yet calculated | CVE-2020-5749 MISC |
| tecnick — tcexam |
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 2020-05-07 | not yet calculated | CVE-2020-5745 MISC |
| tecnick — tcexam |
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don’t have permission. | 2020-05-07 | not yet calculated | CVE-2020-5743 MISC |
| tecnick — tcexam |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | 2020-05-07 | not yet calculated | CVE-2020-5746 MISC |
| tecnick — tcexam |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | 2020-05-07 | not yet calculated | CVE-2020-5748 MISC |
| tobesoft — nexacro |
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution. | 2020-05-06 | not yet calculated | CVE-2019-19167 MISC MISC |
| tobesoft — xplatform |
Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution. | 2020-05-06 | not yet calculated | CVE-2020-7806 MISC MISC |
| tp-link — muliple_devices |
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | 2020-05-04 | not yet calculated | CVE-2020-12110 MISC MISC |
| tp-link — multiple_devices |
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | 2020-05-04 | not yet calculated | CVE-2020-12109 MISC MISC MISC |
| tp-link — nc260_and_nc450_devices | Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. | 2020-05-04 | not yet calculated | CVE-2020-12111 MISC MISC MISC |
| tp-link — tl-wa855re_devices |
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. | 2020-05-07 | not yet calculated | CVE-2020-10916 MISC |
| ubports — ubuntu_touch | signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. | 2020-05-07 | not yet calculated | CVE-2014-1423 MISC MISC MISC |
| wavlink — multiple_devices |
An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116 devices. A crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. | 2020-05-07 | not yet calculated | CVE-2020-10971 MISC |
| wavlink — multiple_devices |
An issue was discovered on Wavlink WL-WN579G3 – M79X3.V5030.180719 and WL-WN575A3 – RPT75A3.V4300.180801 devices, affecting a backup feature. A crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. | 2020-05-07 | not yet calculated | CVE-2020-10974 MISC |
|
wavlink — wl-wn530hg4_devices |
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. | 2020-05-07 | not yet calculated | CVE-2020-10973 MISC |
| wavlink — wl-wn530hg4_devices |
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. A page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). | 2020-05-07 | not yet calculated | CVE-2020-10972 MISC |
| wordpress — wordpress |
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | 2020-05-08 | not yet calculated | CVE-2020-11530 MISC FULLDISC MISC MISC |
| wordpress — wordpress |
The iframe plugin before 4.5 for WordPress does not sanitize a URL. | 2020-05-07 | not yet calculated | CVE-2020-12696 MISC MISC |
| wso2 — multiple_products |
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. | 2020-05-08 | not yet calculated | CVE-2020-12719 MISC |
| zoho — manageengine_data_security_plus |
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. | 2020-05-08 | not yet calculated | CVE-2020-11532 MISC MISC |
| zoho — manageengine_data_security_plus |
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. | 2020-05-08 | not yet calculated | CVE-2020-11531 MISC MISC |
| zoho — manageengine_desktop_central |
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | 2020-05-05 | not yet calculated | CVE-2020-10859 CONFIRM |
| zoho — manageengine_opmanager |
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | 2020-05-07 | not yet calculated | CVE-2020-12116 MISC MISC |
| zoom — zoom_it_installer_for_windows |
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user. | 2020-05-04 | not yet calculated | CVE-2020-11443 CONFIRM CONFIRM CONFIRM |
| zulip — zulip_desktop |
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | 2020-05-09 | not yet calculated | CVE-2020-12637 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.