Original release date: November 23, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
golang — go | Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. | 2020-11-18 | 7.5 | CVE-2020-28367 MISC CONFIRM MLIST MLIST FEDORA |
golang — go | Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. | 2020-11-18 | 7.5 | CVE-2020-28366 MISC CONFIRM MLIST FEDORA |
jetbrains — toolbox | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | 2020-11-16 | 10 | CVE-2020-25207 MISC CONFIRM |
riken — xoonips | Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | 2020-11-16 | 7.5 | CVE-2020-5664 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
chronoengine — chronoforums | Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed. | 2020-11-16 | 4.3 | CVE-2020-27459 MISC |
cmsuno_project — cmsuno | An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. | 2020-11-13 | 6.5 | CVE-2020-25538 MISC |
golang — go | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | 2020-11-18 | 5 | CVE-2020-28362 CONFIRM MLIST FEDORA |
intel — proset/wireless_wifi | Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-11-13 | 5.8 | CVE-2020-12313 MISC |
ivanti — endpoint_manager | LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | 2020-11-16 | 6.5 | CVE-2020-13769 MISC MISC |
ivanti — endpoint_manager | In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | 2020-11-16 | 5 | CVE-2020-13772 MISC MISC |
jetbrains — toolbox | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | 2020-11-16 | 5 | CVE-2020-25013 MISC CONFIRM |
jetbrains — youtrack | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | 2020-11-16 | 5 | CVE-2020-25210 MISC CONFIRM |
jetbrains — youtrack | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | 2020-11-16 | 5 | CVE-2020-27626 MISC CONFIRM |
jetbrains — youtrack | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | 2020-11-16 | 5 | CVE-2020-27625 MISC |
jetbrains — youtrack | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | 2020-11-16 | 5 | CVE-2020-27624 MISC CONFIRM |
jetbrains — youtrack | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | 2020-11-16 | 5 | CVE-2020-25209 MISC CONFIRM |
microfocus — arcsight_logger | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) | 2020-11-17 | 4.3 | CVE-2020-11860 CONFIRM |
microfocus — arcsight_logger | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). | 2020-11-17 | 4.3 | CVE-2020-25834 CONFIRM |
netapp — hci | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | 2020-11-13 | 5 | CVE-2020-8583 MISC |
netapp — hci | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | 2020-11-13 | 4 | CVE-2020-8582 MISC |
pixar — openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. | 2020-11-13 | 6.8 | CVE-2020-6147 FULLDISC MISC |
pixar — openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. | 2020-11-13 | 6.8 | CVE-2020-6156 MISC |
pixar — openusd | A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 2020-11-13 | 6.8 | CVE-2020-6155 MISC |
pixar — openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. | 2020-11-13 | 6.8 | CVE-2020-6150 MISC |
pixar — openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. | 2020-11-13 | 6.8 | CVE-2020-6149 MISC |
pixar — openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. | 2020-11-13 | 6.8 | CVE-2020-6148 MISC |
postgresql — postgresql | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-11-16 | 6.5 | CVE-2020-25695 MISC MISC |
postgresql — postgresql | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-11-16 | 6.8 | CVE-2020-25694 MISC MISC |
riken — xoonips | SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2020-11-16 | 6.5 | CVE-2020-5659 MISC MISC |
riken — xoonips | Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 2020-11-16 | 4 | CVE-2020-5663 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 stores sensitive information in the browser’s history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | 2020-11-13 | 2.1 | CVE-2020-4886 XF CONFIRM |
jetbrains — youtrack | Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. | 2020-11-16 | 2.1 | CVE-2020-24366 MISC CONFIRM |
microfocus — filr | Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. | 2020-11-17 | 3.5 | CVE-2020-25832 CONFIRM |
microfocus — idol | Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | 2020-11-17 | 3.5 | CVE-2020-25833 CONFIRM |
nagios — nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | 2020-11-16 | 3.5 | CVE-2020-27988 CONFIRM |
nagios — nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | 2020-11-16 | 3.5 | CVE-2020-27989 CONFIRM |
nagios — nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | 2020-11-16 | 3.5 | CVE-2020-27990 CONFIRM |
nagios — nagios_xi | Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 2020-11-16 | 3.5 | CVE-2020-27991 CONFIRM |
riken — xoonips | Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 2020-11-16 | 3.5 | CVE-2020-5662 MISC MISC |
salesagility — suitecrm | SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | 2020-11-18 | 3.5 | CVE-2020-14208 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airleader — master_and_easy_devices |
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. | 2020-11-16 | not yet calculated | CVE-2020-26509 MISC |
airleader — master_devices |
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | 2020-11-16 | not yet calculated | CVE-2020-26510 MISC |
amazon — amazon_web_services_encryption_sdk | A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later. | 2020-11-16 | not yet calculated | CVE-2020-8897 CONFIRM CONFIRM |
anuku — time_tracker |
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user’s mailbox | 2020-11-16 | not yet calculated | CVE-2020-27423 MISC |
anuku — time_tracker |
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn’t expire once used, allowing an attacker to use the same link to takeover the account. | 2020-11-16 | not yet calculated | CVE-2020-27422 MISC MISC |
apache — libapreq2 |
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | 2020-11-19 | not yet calculated | CVE-2019-12412 MISC MISC |
apache — openoffice |
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. | 2020-11-17 | not yet calculated | CVE-2020-13958 MISC |
archive_tar — archive_tar | Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | 2020-11-19 | not yet calculated | CVE-2020-28949 MISC |
archive_tar — archive_tar |
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | 2020-11-19 | not yet calculated | CVE-2020-28948 MISC |
artworks_gallery — artworks_gallery |
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | 2020-11-17 | not yet calculated | CVE-2020-28688 MISC MISC |
artworks_gallery — artworks_gallery |
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | 2020-11-17 | not yet calculated | CVE-2020-28687 MISC MISC |
avaya — weblm |
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | 2020-11-13 | not yet calculated | CVE-2020-7032 MISC FULLDISC CONFIRM |
aviatrix — cloud_controller |
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | 2020-11-17 | not yet calculated | CVE-2020-26550 MISC |
aviatrix — cloud_controller |
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | 2020-11-17 | not yet calculated | CVE-2020-26548 MISC |
aviatrix — cloud_controller |
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | 2020-11-17 | not yet calculated | CVE-2020-26549 MISC |
aviatrix — cloud_controller |
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | 2020-11-17 | not yet calculated | CVE-2020-26551 MISC |
aviatrix — cloud_controller |
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | 2020-11-17 | not yet calculated | CVE-2020-26552 MISC |
aviatrix — cloud_controller |
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | 2020-11-17 | not yet calculated | CVE-2020-26553 MISC |
avid_cloud_solutions — cloudavid_pparam |
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | 2020-11-16 | not yet calculated | CVE-2020-28723 MISC MISC |
avideo — avideo |
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file. | 2020-11-16 | not yet calculated | CVE-2020-23490 MISC MISC |
avideo — avideo |
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. | 2020-11-16 | not yet calculated | CVE-2020-23489 MISC MISC |
basetech — ge-131-1837836_firmware |
A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information. | 2020-11-17 | not yet calculated | CVE-2020-27553 MISC |
basetech — ge-131-1837836_firmware |
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | 2020-11-17 | not yet calculated | CVE-2020-27555 MISC |
basetech — ge-131-1837836_firmware |
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | 2020-11-17 | not yet calculated | CVE-2020-27558 MISC |
basetech — ge-131-1837836_firmware |
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. | 2020-11-17 | not yet calculated | CVE-2020-27557 MISC |
basetech — ge-131-1837836_firmware |
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | 2020-11-17 | not yet calculated | CVE-2020-27554 MISC |
basetech — ge-131-1837836_firmware |
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. | 2020-11-17 | not yet calculated | CVE-2020-27556 MISC |
beckhoff _automation — twincat |
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. | 2020-11-19 | not yet calculated | CVE-2020-12510 CONFIRM |
bejing_liangiing_zhicheng_technology — ltd_ljcmsshop |
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. | 2020-11-18 | not yet calculated | CVE-2020-22723 MISC MISC |
bernd_bestel — grocy |
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. | 2020-11-18 | not yet calculated | CVE-2020-25454 MISC |
big-ip — big-ip_platforms |
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). | 2020-11-19 | not yet calculated | CVE-2020-5947 CONFIRM |
bigbluebutton — bigbluebutton |
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. | 2020-11-19 | not yet calculated | CVE-2020-28953 MISC MISC |
bigbluebutton — bigbluebutton |
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | 2020-11-19 | not yet calculated | CVE-2020-28954 MISC MISC MISC MISC |
binarynights — forklift |
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift’s helper tool. | 2020-11-17 | not yet calculated | CVE-2020-27192 MISC |
binarynights — forklift |
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. | 2020-11-17 | not yet calculated | CVE-2020-15349 CONFIRM MISC |
canon — oce_colorwave_3500_devices |
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | 2020-11-16 | not yet calculated | CVE-2020-26508 MISC |
canonical — ubuntu_pulseaudio |
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. | 2020-11-19 | not yet calculated | CVE-2020-15710 UBUNTU UBUNTU |
cisco — asyncos |
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | 2020-11-18 | not yet calculated | CVE-2020-3367 CISCO |
cisco — dna_spaces_connector |
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application. | 2020-11-18 | not yet calculated | CVE-2020-3586 CISCO |
cisco — expressway |
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. | 2020-11-18 | not yet calculated | CVE-2020-3482 CISCO |
cisco — integrated_management_controller |
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). | 2020-11-18 | not yet calculated | CVE-2020-3470 CISCO |
cisco — iot_field_network_director | A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. | 2020-11-18 | not yet calculated | CVE-2020-26080 CISCO |
cisco — iot_field_network_director | A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | 2020-11-18 | not yet calculated | CVE-2020-26078 CISCO |
cisco — iot_field_network_director |
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. | 2020-11-18 | not yet calculated | CVE-2020-26081 CISCO |
cisco — iot_field_network_director |
A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. | 2020-11-18 | not yet calculated | CVE-2020-26079 CISCO |
cisco — iot_field_network_director |
A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. | 2020-11-18 | not yet calculated | CVE-2020-26077 CISCO |
cisco — iot_field_network_director |
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. | 2020-11-18 | not yet calculated | CVE-2020-26076 CISCO |
cisco — iot_field_network_director |
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. | 2020-11-18 | not yet calculated | CVE-2020-26075 CISCO |
cisco — iot_field_network_director |
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. | 2020-11-18 | not yet calculated | CVE-2020-26072 CISCO |
cisco — iot_field_network_director |
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. | 2020-11-18 | not yet calculated | CVE-2020-3392 CISCO |
cisco — iot_field_network_director |
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. | 2020-11-18 | not yet calculated | CVE-2020-3531 CISCO |
cisco — security_manager |
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. | 2020-11-17 | not yet calculated | CVE-2020-27125 CISCO |
cisco — security_manager |
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. | 2020-11-17 | not yet calculated | CVE-2020-27130 CISCO |
cisco — security_manager |
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITYSYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities. | 2020-11-17 | not yet calculated | CVE-2020-27131 CISCO |
cisco — telepresence_ce_software_and_roomos_software |
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users. | 2020-11-18 | not yet calculated | CVE-2020-26068 CISCO |
cisco — webex_meetings |
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. | 2020-11-18 | not yet calculated | CVE-2020-27126 CISCO |
cisco — webex_meetings_and_webex_meetings_server |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. | 2020-11-18 | not yet calculated | CVE-2020-3471 CISCO |
cisco — webex_meetings_and_webex_meetings_server |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. | 2020-11-18 | not yet calculated | CVE-2020-3441 CISCO |
cisco — webex_meetings_server |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. | 2020-11-18 | not yet calculated | CVE-2020-3419 CISCO |
citrix — sd-wan_center | Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. | 2020-11-16 | not yet calculated | CVE-2020-8273 MISC |
citrix — sd-wan_center |
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | 2020-11-16 | not yet calculated | CVE-2020-8272 MISC |
citrix — sd-wan_center |
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | 2020-11-16 | not yet calculated | CVE-2020-8271 MISC |
citrix — virtual_apps_and_desktop |
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 | 2020-11-16 | not yet calculated | CVE-2020-8269 MISC |
citrix — virtual_apps_and_desktop |
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342 | 2020-11-16 | not yet calculated | CVE-2020-8270 MISC |
controlled-merge — controlled-merge |
Prototype pollution vulnerability in ‘controlled-merge’ versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | 2020-11-15 | not yet calculated | CVE-2020-28268 MISC MISC |
cxuucms — cxuucms |
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | 2020-11-18 | not yet calculated | CVE-2020-28091 MISC CONFIRM |
doc-path — doc-path |
This affects the package doc-path before 2.1.2. | 2020-11-15 | not yet calculated | CVE-2020-7772 CONFIRM CONFIRM CONFIRM |
drupal — drupal |
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. | 2020-11-20 | not yet calculated | CVE-2020-13671 CONFIRM |
endress+hauser — ecograph_t |
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic “tokens”. The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on. | 2020-11-19 | not yet calculated | CVE-2020-12495 CONFIRM |
endress+hauser — ecograph_t_and_memograph_m |
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it’s possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user. | 2020-11-19 | not yet calculated | CVE-2020-12496 CONFIRM |
fastadmin — fastadmin |
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | 2020-11-17 | not yet calculated | CVE-2020-21665 MISC |
firebase — util |
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | 2020-11-16 | not yet calculated | CVE-2020-7765 CONFIRM CONFIRM CONFIRM |
garmin — forerunner_235 | Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | 2020-11-16 | not yet calculated | CVE-2020-27484 MISC |
garmin — forerunner_235 |
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution. | 2020-11-16 | not yet calculated | CVE-2020-27483 MISC |
garmin — forerunner_235 |
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | 2020-11-16 | not yet calculated | CVE-2020-27486 MISC |
garmin — forerunner_235 |
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | 2020-11-16 | not yet calculated | CVE-2020-27485 MISC |
genexis — platinum_4410_router |
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action ‘X_GetAccess’ which leaks the credentials of ‘admin’, provided that the attacker is network adjacent. | 2020-11-17 | not yet calculated | CVE-2020-25988 MISC MISC MISC MISC |
gila — gila_cms |
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. | 2020-11-16 | not yet calculated | CVE-2020-28692 MISC |
gitlab — ce/cc |
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-26405 CONFIRM MISC MISC |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-19 | not yet calculated | CVE-2020-13355 CONFIRM MISC MISC |
gitlab — ce/ee
|
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who’s able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. | 2020-11-17 | not yet calculated | CVE-2020-13350 CONFIRM MISC MISC |
gitlab — ce/ee |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-19 | not yet calculated | CVE-2020-13356 CONFIRM MISC MISC |
gitlab — ce/ee |
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-13358 CONFIRM MISC |
gitlab — ce/ee |
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-19 | not yet calculated | CVE-2020-13359 CONFIRM MISC |
gitlab — ce/ee |
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. | 2020-11-17 | not yet calculated | CVE-2020-13354 CONFIRM MISC MISC |
gitlab — ce/ee |
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-13351 CONFIRM MISC MISC |
gitlab — ce/ee |
Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-13352 CONFIRM MISC MISC |
gitlab — ee
|
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-13349 CONFIRM MISC |
gitlab — ee |
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-13348 CONFIRM MISC |
gitlab — ee |
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-26406 CONFIRM MISC MISC |
gitlab — gitlay |
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | 2020-11-17 | not yet calculated | CVE-2020-13353 CONFIRM MISC |
hcl — domino |
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. | 2020-11-21 | not yet calculated | CVE-2020-14234 CONFIRM |
hcl — domino |
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. | 2020-11-21 | not yet calculated | CVE-2020-14230 CONFIRM |
hcl — notes |
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. | 2020-11-21 | not yet calculated | CVE-2020-14258 CONFIRM |
horizontcms — horizontcms | An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | 2020-11-16 | not yet calculated | CVE-2020-28693 MISC MISC |
ibm — business_automation_workflow |
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | 2020-11-16 | not yet calculated | CVE-2020-4672 XF CONFIRM |
ibm — db2 |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 2020-11-19 | not yet calculated | CVE-2020-4701 XF CONFIRM |
ibm — db2_accessories_suite |
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. | 2020-11-20 | not yet calculated | CVE-2020-4739 XF CONFIRM |
ibm — jazz_reporting_service |
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. | 2020-11-19 | not yet calculated | CVE-2020-4718 XF CONFIRM |
ibm — mq_appliance |
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. | 2020-11-18 | not yet calculated | CVE-2020-4592 XF CONFIRM |
ibm — power9 |
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | 2020-11-20 | not yet calculated | CVE-2020-4788 MLIST MLIST XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. | 2020-11-16 | not yet calculated | CVE-2020-4692 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. | 2020-11-16 | not yet calculated | CVE-2020-4700 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. | 2020-11-16 | not yet calculated | CVE-2020-4566 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. | 2020-11-16 | not yet calculated | CVE-2020-4655 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. | 2020-11-16 | not yet calculated | CVE-2020-4705 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. | 2020-11-16 | not yet calculated | CVE-2020-4671 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2020-11-16 | not yet calculated | CVE-2020-4475 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. | 2020-11-20 | not yet calculated | CVE-2020-4937 XF CONFIRM |
ibm — sterling_file_gateway |
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. | 2020-11-16 | not yet calculated | CVE-2020-4763 XF CONFIRM |
ibm — sterling_file_gateway |
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | 2020-11-16 | not yet calculated | CVE-2020-4647 XF CONFIRM |
ibm — sterling_file_gateway |
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. | 2020-11-16 | not yet calculated | CVE-2020-4476 XF CONFIRM |
ibm — sterling_file_gateway |
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. | 2020-11-16 | not yet calculated | CVE-2020-4665 XF CONFIRM |
imagemagik — imagemagik |
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. | 2020-11-20 | not yet calculated | CVE-2020-19667 MISC |
infinitewp — admin_panel |
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. | 2020-11-16 | not yet calculated | CVE-2020-28642 MISC |
influxdata — influxdb |
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 2020-11-19 | not yet calculated | CVE-2019-20933 MISC MISC MISC |
ivanti — endpoint_manager |
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | 2020-11-16 | not yet calculated | CVE-2020-13773 MISC MISC |
jamodat — tsmmanager_collector |
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector’s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances’ consoles, accessing hardware configurations, etc.Exploiting this vulnerability won’t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request. | 2020-11-19 | not yet calculated | CVE-2020-28054 MISC MISC MISC |
jetbrains — ideavim | JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. | 2020-11-16 | not yet calculated | CVE-2020-27623 MISC CONFIRM |
jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | 2020-11-16 | not yet calculated | CVE-2020-27622 MISC CONFIRM |
jetbrains — ktor |
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | 2020-11-16 | not yet calculated | CVE-2020-26129 MISC CONFIRM |
jetbrains — teamcity |
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | 2020-11-16 | not yet calculated | CVE-2020-27629 MISC CONFIRM |
jetbrains — teamcity |
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | 2020-11-16 | not yet calculated | CVE-2020-27627 MISC CONFIRM |
jetbrains — teamcity |
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | 2020-11-16 | not yet calculated | CVE-2020-27628 MISC CONFIRM |
jupyter — notebook |
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. | 2020-11-18 | not yet calculated | CVE-2020-26215 MISC CONFIRM |
kaa — iot_platform |
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. | 2020-11-17 | not yet calculated | CVE-2020-26701 MISC |
kamailio — kamailio |
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue. | 2020-11-18 | not yet calculated | CVE-2020-28361 MISC MISC |
kata — containers |
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. | 2020-11-17 | not yet calculated | CVE-2020-28914 MISC MISC MISC MISC MISC |
kyocera — ecosys_m2640idw_printers |
The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in “Machine Address Book”. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions | 2020-11-17 | not yet calculated | CVE-2020-25890 MISC |
lemoncms — lemoncms |
appadmincontrollersysUploads.php in lemocms 1.8.x allows users to upload files to upload executable files. | 2020-11-18 | not yet calculated | CVE-2020-25406 MISC |
libsixel — libsixel |
Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6. | 2020-11-20 | not yet calculated | CVE-2020-19668 MISC |
libsvm — scikit-learn |
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. | 2020-11-21 | not yet calculated | CVE-2020-28975 MISC MISC |
libuci — openwrt |
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. | 2020-11-19 | not yet calculated | CVE-2020-28951 MISC MISC MISC |
libvips — libvips |
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | 2020-11-20 | not yet calculated | CVE-2020-20739 MISC MISC |
limesurvey — limesurvey |
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. | 2020-11-17 | not yet calculated | CVE-2020-25798 MISC MISC |
linux — linux_kernel |
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. | 2020-11-20 | not yet calculated | CVE-2020-28974 MISC MISC MISC |
linux — linux_kernel |
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | 2020-11-18 | not yet calculated | CVE-2020-28915 MISC MISC MISC MISC MISC |
linux — linux_kernel |
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. | 2020-11-17 | not yet calculated | CVE-2020-25705 MISC |
linux — linux_kernel |
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. | 2020-11-19 | not yet calculated | CVE-2020-28941 MLIST MISC MISC MISC MISC |
lionwiki — lionwiki |
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-11-16 | not yet calculated | CVE-2020-27191 MISC MISC |
markdown-it-highlightjs — markdown-it-highlightjs |
This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(“markdown-it-highlightjs”); const md = require(‘markdown-it’); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render(‘console.log(42){.”>js}’); console.log(reuslt_xss); | 2020-11-16 | not yet calculated | CVE-2020-7773 CONFIRM CONFIRM CONFIRM |
melsec — iq-r_series_cpu_modules |
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ’05’ to ’19’ and R04/08/16/32/120(EN)CPU Firmware versions from ’35’ to ’51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. | 2020-11-16 | not yet calculated | CVE-2020-5666 MISC MISC MISC MISC |
melsec — iq-r_series_cpu_modules |
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version ’19’ and earlier, R04/08/16/32/120 (EN) CPU firmware version ’51’ and earlier, R08/16/32/120SFCPU firmware version ’22’ and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version ’47’ and earlier, RJ71GF11-T2 firmware version ’47’ and earlier, RJ72GF15-T2 firmware version ’07’ and earlier, RJ71GP21-SX firmware version ’47’ and earlier, RJ71GP21S-SX firmware version ’47’ and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet | 2020-11-20 | not yet calculated | CVE-2020-5668 MISC MISC MISC MISC |
mercedes-benz — hermes |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | 2020-11-16 | not yet calculated | CVE-2019-19562 MISC MISC |
mercedes-benz — hermes |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | 2020-11-16 | not yet calculated | CVE-2019-19563 MISC MISC |
mercedes-benz — hermes |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information. | 2020-11-16 | not yet calculated | CVE-2019-19556 MISC MISC |
mercedes-benz — hermes |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | 2020-11-16 | not yet calculated | CVE-2019-19561 MISC MISC |
mercedes-benz — hermes |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | 2020-11-16 | not yet calculated | CVE-2019-19560 MISC MISC |
mercedes-benz — hermes |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | 2020-11-16 | not yet calculated | CVE-2019-19557 MISC MISC |
micro_focus — arcsight_logger |
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code. | 2020-11-17 | not yet calculated | CVE-2020-11851 CONFIRM |
misp — misp |
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. | 2020-11-19 | not yet calculated | CVE-2020-28947 MISC |
moodle — moodle | In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | 2020-11-19 | not yet calculated | CVE-2020-25699 MISC MISC |
moodle — moodle |
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. | 2020-11-19 | not yet calculated | CVE-2020-25700 MISC MISC |
moodle — moodle |
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | 2020-11-19 | not yet calculated | CVE-2020-25701 MISC MISC |
moodle — moodle |
The participants table download in Moodle always included user emails, but should have only done so when users’ emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. | 2020-11-19 | not yet calculated | CVE-2020-25703 MISC MISC |
moodle — moodle |
Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | 2020-11-19 | not yet calculated | CVE-2020-25698 MISC MISC |
moodle — moodle |
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10. | 2020-11-19 | not yet calculated | CVE-2020-25702 MISC MISC |
nagios — nagios_xi |
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | 2020-11-16 | not yet calculated | CVE-2020-28648 MISC |
netiq — identity_manager |
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | 2020-11-20 | not yet calculated | CVE-2020-25839 CONFIRM |
netis — korea_d’live_ap |
Improper Input validation vulnerability exists in Netis Korea D’live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D’live set-top box AP(WF2429TB) v1.1.10. | 2020-11-20 | not yet calculated | CVE-2020-7842 CONFIRM |
netskope — netskope |
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin’s portal thus leads to compromise admin’s system. | 2020-11-20 | not yet calculated | CVE-2020-28845 MISC |
nextcloud — server |
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | 2020-11-16 | not yet calculated | CVE-2020-8152 MISC MISC |
nextcloud — social |
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | 2020-11-19 | not yet calculated | CVE-2020-8279 MISC CONFIRM |
nextcloud — social |
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | 2020-11-19 | not yet calculated | CVE-2020-8278 MISC CONFIRM |
nexttcloud — server |
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | 2020-11-16 | not yet calculated | CVE-2020-8259 MISC MISC |
node — node.js |
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. | 2020-11-19 | not yet calculated | CVE-2020-8277 MISC CONFIRM |
oppo_security — com.coloros.codebook |
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. | 2020-11-19 | not yet calculated | CVE-2020-11829 CONFIRM |
oppo_security — com.coloros.codebook |
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | 2020-11-19 | not yet calculated | CVE-2020-11831 CONFIRM |
oppo_security — com.coloros.codebook |
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | 2020-11-19 | not yet calculated | CVE-2020-11830 CONFIRM |
paradox — ip150 |
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | 2020-11-21 | not yet calculated | CVE-2020-25189 MISC |
paradox — ip150 |
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | 2020-11-21 | not yet calculated | CVE-2020-25185 MISC |
pdfresurrect — pdfresurrect |
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). | 2020-11-20 | not yet calculated | CVE-2020-20740 MISC MISC |
pescms — pescms_team |
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | 2020-11-17 | not yet calculated | CVE-2020-28092 MISC MISC |
phpgurukul — user_registration_and_login_nd_user_management_system |
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. | 2020-11-18 | not yet calculated | CVE-2020-24723 MISC MISC |
phpgurukul — user_registration_and_login_user_management_system |
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 2020-11-16 | not yet calculated | CVE-2020-25952 MISC MISC MISC |
planet_technology — corp_nvr-915_and_nvr-1615_products |
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-11-18 | not yet calculated | CVE-2020-26097 MISC |
prestashop — prestashop |
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. | 2020-11-16 | not yet calculated | CVE-2020-26224 MISC CONFIRM |
prestashop — product_comments |
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0 | 2020-11-16 | not yet calculated | CVE-2020-26225 MISC CONFIRM |
primekey — ejbca |
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA’s domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. | 2020-11-19 | not yet calculated | CVE-2020-28942 MISC |
pritunl — electron_client |
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges. | 2020-11-19 | not yet calculated | CVE-2020-25989 CONFIRM MISC |
progress — moveit_transder |
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim’s browser (XSS). | 2020-11-17 | not yet calculated | CVE-2020-28647 CONFIRM MISC |
qnap — qts |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | 2020-11-16 | not yet calculated | CVE-2020-2490 CONFIRM |
qnap — qts |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | 2020-11-16 | not yet calculated | CVE-2020-2492 CONFIRM |
rclone — rclone |
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed. | 2020-11-19 | not yet calculated | CVE-2020-28924 MISC MISC |
red_hat — jboss_keycloak |
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. | 2020-11-17 | not yet calculated | CVE-2020-10776 MISC |
red_hat — jboss_keycloak |
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. | 2020-11-17 | not yet calculated | CVE-2020-14389 MISC |
red_hat — xpdf |
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn’t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. | 2020-11-21 | not yet calculated | CVE-2020-25725 CONFIRM MISC |
reddoxx — maildepot_2033 |
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. | 2020-11-18 | not yet calculated | CVE-2020-26554 MISC MISC |
resourcexpress — qubi3_devices |
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility. | 2020-11-17 | not yet calculated | CVE-2020-25746 CONFIRM MISC |
rsa — archer |
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application. | 2020-11-18 | not yet calculated | CVE-2020-26884 CONFIRM |
schneider_electric — easergy_t300 |
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | 2020-11-19 | not yet calculated | CVE-2020-7561 MISC |
schneider_electric — ecostruxure_building_operation_enterprise_server |
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 – V3.1 and Enterprise Central installer V2.0 – V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location. | 2020-11-19 | not yet calculated | CVE-2020-28209 MISC |
schneider_electric — ecostruxure_building_operation_webreports | A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser. | 2020-11-19 | not yet calculated | CVE-2020-7572 MISC |
schneider_electric — ecostruxure_building_operation_webreports |
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. | 2020-11-19 | not yet calculated | CVE-2020-7570 MISC |
schneider_electric — ecostruxure_building_operation_webreports |
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. | 2020-11-19 | not yet calculated | CVE-2020-7569 MISC |
schneider_electric — ecostruxure_building_operation_webreports |
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. | 2020-11-19 | not yet calculated | CVE-2020-7571 MISC |
schneider_electric — ecostruxure_building_operation_webreports |
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control. | 2020-11-19 | not yet calculated | CVE-2020-7573 MISC |
schneider_electric — ecostruxure_building_operation_webstation |
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 – V3.1 that could cause an attacker to inject HTML and JavaScript code into the user’s browser. | 2020-11-19 | not yet calculated | CVE-2020-28210 MISC |
schneider_electric — ecostruxure_control_expert | A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. | 2020-11-19 | not yet calculated | CVE-2020-28213 MISC |
schneider_electric — ecostruxure_control_expert |
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. | 2020-11-19 | not yet calculated | CVE-2020-28212 MISC |
schneider_electric — ecostruxure_control_expert |
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. | 2020-11-19 | not yet calculated | CVE-2020-28211 MISC |
schneider_electric — ecostruxure_control_expert |
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | 2020-11-19 | not yet calculated | CVE-2020-7559 MISC |
schneider_electric — ecostruxure_operator_terminal_expert |
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert. | 2020-11-19 | not yet calculated | CVE-2020-7544 MISC |
schneider_electric — igss_definition |
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7556 MISC |
schneider_electric — igss_definition |
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7558 MISC |
schneider_electric — igss_definition |
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7557 MISC |
schneider_electric — igss_definition |
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7555 MISC |
schneider_electric — igss_definition |
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7550 MISC |
schneider_electric — igss_definition |
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7551 MISC |
schneider_electric — igss_definition |
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7552 MISC |
schneider_electric — igss_definition |
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7554 MISC |
schneider_electric — igss_definition |
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2020-11-19 | not yet calculated | CVE-2020-7553 MISC |
schneider_electric — modicon_m221 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller and broke the encryption keys. | 2020-11-19 | not yet calculated | CVE-2020-7567 MISC |
schneider_electric — modicon_m221 |
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. | 2020-11-19 | not yet calculated | CVE-2020-7566 MISC |
schneider_electric — modicon_m221 |
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. | 2020-11-19 | not yet calculated | CVE-2020-7565 MISC |
schneider_electric — modicon_m221 |
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. | 2020-11-19 | not yet calculated | CVE-2020-7568 MISC |
schneider_electric — multiple_products | A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. | 2020-11-18 | not yet calculated | CVE-2020-7564 MISC |
schneider_electric — multiple_products |
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. | 2020-11-18 | not yet calculated | CVE-2020-7562 MISC |
schneider_electric — multiple_products |
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. | 2020-11-18 | not yet calculated | CVE-2020-7563 MISC |
schneider_electric — plc_simulator_on_ecostruxure_control_expert |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | 2020-11-19 | not yet calculated | CVE-2020-7538 MISC |
scratchverifier — scratchverifier |
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else’s account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login. | 2020-11-20 | not yet calculated | CVE-2020-26236 MISC CONFIRM |
semantic-release — semantic-release |
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3. | 2020-11-18 | not yet calculated | CVE-2020-26226 MISC CONFIRM |
sensormatics_electronics — american_dynamics_victor_web_client_and_software_house_c.cure_web_client |
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | 2020-11-19 | not yet calculated | CVE-2020-9049 CERT CONFIRM |
sokrates — sowa |
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. | 2020-11-19 | not yet calculated | CVE-2020-28350 MISC |
sourcecodester — gym_management_system |
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields ‘Package Name’ and ‘Description’. | 2020-11-17 | not yet calculated | CVE-2020-28129 MISC MISC |
sourcecodester — online_clothing_store |
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. | 2020-11-17 | not yet calculated | CVE-2020-28138 MISC MISC |
sourcecodester — online_clothing_store |
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | 2020-11-17 | not yet calculated | CVE-2020-28140 MISC MISC |
sourcecodester — online_clothing_store |
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. | 2020-11-17 | not yet calculated | CVE-2020-28139 MISC MISC |
sourcecodester — online_library_management_system |
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | 2020-11-17 | not yet calculated | CVE-2020-28130 MISC MISC |
sourcecodester — simple_grocery_store_sales_and_inventory_system |
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. | 2020-11-17 | not yet calculated | CVE-2020-28133 MISC MISC |
sourcecodester — tourism_management_system |
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | 2020-11-17 | not yet calculated | CVE-2020-28136 MISC MISC |
sourcecodester — water_billing_system |
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. | 2020-11-17 | not yet calculated | CVE-2020-28183 MISC MISC MISC |
suitecrm — suitecrm | SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | 2020-11-18 | not yet calculated | CVE-2020-15300 MISC |
suitecrm — suitecrm |
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. | 2020-11-18 | not yet calculated | CVE-2020-15301 MISC |
symantec — endpoint_detection_and_response |
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 2020-11-18 | not yet calculated | CVE-2020-12593 CONFIRM |
taskcafe — project_management_tool |
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token. | 2020-11-17 | not yet calculated | CVE-2020-25400 MISC |
tenable — tp-link_archer |
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 2020-11-21 | not yet calculated | CVE-2020-5797 MISC |
tobesoft — xplatform |
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto:// | 2020-11-17 | not yet calculated | CVE-2020-7841 MISC |
tp-link — multiple_devices |
Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | 2020-11-20 | not yet calculated | CVE-2020-28877 MISC |
tp-link — tl-wpa4220_devices |
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 | 2020-11-18 | not yet calculated | CVE-2020-24297 MISC MISC |
tp-link — tl-wpa4220_devices |
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | 2020-11-18 | not yet calculated | CVE-2020-28005 MISC MISC |
trend_micro — apex_one |
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | 2020-11-18 | not yet calculated | CVE-2020-28572 MISC |
trend_micro — interscan_web_security_virtual_appliance | A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 2020-11-18 | not yet calculated | CVE-2020-28581 MISC MISC |
trend_micro — interscan_web_security_virtual_appliance |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 2020-11-18 | not yet calculated | CVE-2020-28578 MISC MISC |
trend_micro — interscan_web_security_virtual_appliance |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 2020-11-18 | not yet calculated | CVE-2020-28579 MISC MISC |
trend_micro — interscan_web_security_virtual_appliance |
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 2020-11-18 | not yet calculated | CVE-2020-28580 MISC MISC |
trend_micro — security_2020 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. | 2020-11-18 | not yet calculated | CVE-2020-27697 MISC |
trend_micro — security_2020 |
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | 2020-11-18 | not yet calculated | CVE-2020-27695 MISC |
trend_micro — security_2020 |
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. | 2020-11-18 | not yet calculated | CVE-2020-27696 MISC |
trend_micro — worry-free_business_security |
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product’s management console. | 2020-11-18 | not yet calculated | CVE-2020-28574 MISC MISC |
trusted_computing_group — trusted_platform_module_library_family |
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack. | 2020-11-18 | not yet calculated | CVE-2020-26933 MISC CONFIRM |
typ03 — typ03 |
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved. | 2020-11-18 | not yet calculated | CVE-2020-28917 MISC |
typo3 — fluid |
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory. | 2020-11-17 | not yet calculated | CVE-2020-26216 MISC CONFIRM MISC |
valve — game_networking_sockets |
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution. | 2020-11-18 | not yet calculated | CVE-2020-6016 MISC |
vmware — esxi |
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) | 2020-11-20 | not yet calculated | CVE-2020-4005 CONFIRM |
vmware — multiple_products |
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. | 2020-11-20 | not yet calculated | CVE-2020-4004 CONFIRM |
volkswagon — discover_media_infotainment_system |
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. | 2020-11-16 | not yet calculated | CVE-2020-28656 MISC |
werkzeug — werkzeug |
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 2020-11-18 | not yet calculated | CVE-2020-28724 MISC MISC MISC |
western_digital — inand_devices |
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack. | 2020-11-18 | not yet calculated | CVE-2020-13799 MISC CONFIRM |
wordpress — wordpress |
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. | 2020-11-16 | not yet calculated | CVE-2020-28650 MISC |
wordpress — wordpress |
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. | 2020-11-16 | not yet calculated | CVE-2020-28649 MISC MISC |
xstream — xstream |
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | 2020-11-16 | not yet calculated | CVE-2020-26217 CONFIRM CONFIRM CONFIRM |
y18n — y18n |
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require(‘y18n’)(); y18n.setLocale(‘__proto__’); y18n.updateLocale({polluted: true}); console.log(polluted); // true | 2020-11-17 | not yet calculated | CVE-2020-7774 MISC MISC MISC MISC |
yzmcms — yzmcms |
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. | 2020-11-19 | not yet calculated | CVE-2020-22394 MISC |
zte — multiple_devices |
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. | 2020-11-19 | not yet calculated | CVE-2020-6879 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.