Original release date: November 9, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat | Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. | 2020-11-05 | 9.3 | CVE-2020-24433 MISC |
google — chrome | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 7.5 | CVE-2020-16011 SUSE SUSE MISC MISC |
qnap — music_station | If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | 2020-11-02 | 7.5 | CVE-2018-19950 CONFIRM |
qualcomm — agatti_firmware | Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 10 | CVE-2020-3654 CONFIRM MISC |
qualcomm — agatti_firmware | While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state (this CVE is equivalent to InvalidConnectionRequest (CVE-2019-19193) mentioned in the SweynTooth paper) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, AR9344, Bitra, IPQ5018, Kamorta, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9886, QCM6125, QCN7605, QCS404, QCS405, QCS605, QCS610, QRB5165, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 7.8 | CVE-2020-3704 CONFIRM MISC |
qualcomm — agatti_firmware | Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 7.2 | CVE-2020-3690 CONFIRM MISC |
qualcomm — agatti_firmware | Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-11-02 | 10 | CVE-2020-3692 CONFIRM MISC |
qualcomm — agatti_firmware | Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 10 | CVE-2020-3673 CONFIRM MISC |
qualcomm — apq8009_firmware | Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250 | 2020-11-02 | 10 | CVE-2020-3657 CONFIRM MISC |
qualcomm — apq8009_firmware | Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 | 2020-11-02 | 8.3 | CVE-2020-11155 CONFIRM MISC |
qualcomm — apq8009_firmware | Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 | 2020-11-02 | 8.3 | CVE-2020-11154 CONFIRM MISC |
qualcomm — apq8053_firmware | Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device (this CVE is equivalent to the Link Layer Length Overflow issue (CVE-2019-16336, CVE-2019-17519) and the Silent Length Overflow issue (CVE-2019-17518) mentioned in the SweynTooth paper) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8076, AR9344, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, Nicobar, QCA6174A, QCA9377, QCM2150, QCM6125, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SC8180X, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 2020-11-02 | 7.5 | CVE-2020-3703 CONFIRM MISC |
qualcomm — apq8053_firmware | Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55 | 2020-11-02 | 10 | CVE-2020-11153 CONFIRM MISC |
qualcomm — ipq4019_firmware | fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980 | 2020-11-02 | 7.5 | CVE-2020-11172 CONFIRM MISC |
whatsapp — whatsapp | A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. | 2020-11-03 | 7.5 | CVE-2020-1909 CONFIRM |
wordpress — wordpress | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 2020-11-02 | 7.5 | CVE-2020-28032 MISC MLIST MISC MISC DEBIAN |
wordpress — wordpress | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | 2020-11-02 | 7.5 | CVE-2020-28035 MLIST MISC DEBIAN |
wordpress — wordpress | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | 2020-11-02 | 7.5 | CVE-2020-28036 MISC MLIST MISC MISC DEBIAN |
wordpress — wordpress | is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | 2020-11-02 | 7.5 | CVE-2020-28037 MISC MLIST MISC MISC DEBIAN |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 6.8 | CVE-2020-24429 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 4.3 | CVE-2020-24438 MISC |
adobe — acrobat | Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 4.3 | CVE-2020-24427 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 5.1 | CVE-2020-24428 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 5.8 | CVE-2020-24431 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 4.3 | CVE-2020-24434 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 4.3 | CVE-2020-24426 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 6.8 | CVE-2020-24437 MISC MISC |
adobe — acrobat | Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. | 2020-11-05 | 6.8 | CVE-2020-24436 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader. | 2020-11-05 | 6.8 | CVE-2020-24435 MISC MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document. | 2020-11-05 | 6.8 | CVE-2020-24432 MISC |
adobe — acrobat | Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. | 2020-11-05 | 6.8 | CVE-2020-24430 MISC |
basercms — basercms | baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. | 2020-10-30 | 6.5 | CVE-2020-15277 MISC MISC CONFIRM |
google — chrome | Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15997 MISC MISC |
google — chrome | Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15992 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15993 MISC MISC |
google — chrome | Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15995 MISC MISC |
google — chrome | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16006 SUSE SUSE MISC MISC |
google — chrome | Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15996 MISC MISC |
google — chrome | Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16005 SUSE SUSE MISC MISC |
google — chrome | Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15998 MISC MISC |
google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16000 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16001 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2020-11-03 | 6.8 | CVE-2020-16002 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16004 SUSE SUSE MISC MISC |
google — chrome | Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15990 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-15977 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15991 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16003 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15988 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-15982 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-15999 SUSE MISC MISC FEDORA |
google — chrome | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16010 MISC MISC |
google — chrome | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15979 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-15985 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. | 2020-11-03 | 4.3 | CVE-2020-15984 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15974 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-15986 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-15981 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2020-11-03 | 4.3 | CVE-2020-6557 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-16009 SUSE SUSE MISC MISC |
google — chrome | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. | 2020-11-03 | 4.4 | CVE-2020-15983 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15994 MISC MISC |
google — chrome | Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15975 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15976 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | 2020-11-03 | 6.8 | CVE-2020-15978 SUSE MISC MISC FEDORA FEDORA |
ibm — i2_ibase | IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. | 2020-10-30 | 6.8 | CVE-2020-4588 XF CONFIRM |
ibm — i2_ibase | IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. | 2020-10-30 | 5 | CVE-2020-4584 XF CONFIRM |
icewarp — mail_server | IceWarp 11.4.5.0 allows XSS via the language parameter. | 2020-11-02 | 4.3 | CVE-2020-27982 MISC |
jenkins — active_directory | A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. | 2020-11-04 | 4.3 | CVE-2020-2303 MLIST CONFIRM |
jenkins — active_directory | A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. | 2020-11-04 | 4 | CVE-2020-2302 CONFIRM |
jenkins — aws_global_configuration | A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. | 2020-11-04 | 4 | CVE-2020-2311 CONFIRM |
jenkins — azure_key_vault | A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2020-11-04 | 4 | CVE-2020-2313 CONFIRM |
jenkins — kubernetes | A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | 2020-11-04 | 4 | CVE-2020-2308 CONFIRM |
jenkins — kubernetes | A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2020-11-04 | 4 | CVE-2020-2309 CONFIRM |
jenkins — mercurial | A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | 2020-11-04 | 4 | CVE-2020-2306 CONFIRM |
marmind — marmind | A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS. | 2020-11-05 | 4.3 | CVE-2020-26505 MISC MISC |
oleacorner — olea_gift_on_order | The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | 2020-11-02 | 5 | CVE-2020-9368 MISC MISC |
pimcore — pimcore | The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{“keyId”%3a”””,”groupId”%3a”‘asd’))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,”,11,12,”,14+from+users)+–+”}] | 2020-10-30 | 6.5 | CVE-2020-7759 CONFIRM CONFIRM |
qnap — music_station | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | 2020-11-02 | 4.3 | CVE-2018-19951 CONFIRM |
qnap — music_station | If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | 2020-11-02 | 5 | CVE-2018-19952 CONFIRM |
qnap — photo_station | The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. | 2020-11-02 | 4.3 | CVE-2018-19956 CONFIRM |
qnap — photo_station | The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. | 2020-11-02 | 4.3 | CVE-2018-19955 CONFIRM |
qnap — photo_station | The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. | 2020-11-02 | 4.3 | CVE-2018-19954 CONFIRM |
qualcomm — agatti_firmware | Array index underflow issue in adsp driver due to improper check of channel id before used as array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 4.6 | CVE-2020-11174 CONFIRM MISC |
qualcomm — agatti_firmware | An unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-11-02 | 4.6 | CVE-2020-3638 CONFIRM MISC |
qualcomm — agatti_firmware | A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size as a param in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130 | 2020-11-02 | 4.6 | CVE-2020-3678 CONFIRM MISC |
qualcomm — agatti_firmware | Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element (IEI) NAS message container in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM6125, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 2020-11-02 | 6.4 | CVE-2020-3670 CONFIRM MISC |
qualcomm — agatti_firmware | QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 4.6 | CVE-2020-3684 CONFIRM MISC |
qualcomm — agatti_firmware | Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | 4.6 | CVE-2020-11125 CONFIRM MISC |
qualcomm — agatti_firmware | Two threads running simultaneously from user space can lead to race condition in fastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-11-02 | 4.4 | CVE-2020-11173 CONFIRM MISC |
qualcomm — apq8009_firmware | u’Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process’ in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24 | 2020-11-02 | 4.6 | CVE-2020-3696 CONFIRM MISC |
qualcomm — apq8009_firmware | u’Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130 | 2020-11-02 | 4.6 | CVE-2020-3693 CONFIRM MISC |
qualcomm — apq8009_firmware | u’Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250 | 2020-11-02 | 4.8 | CVE-2020-11141 CONFIRM MISC |
qualcomm — apq8009_firmware | u’Buffer over-read while processing received L2CAP packet due to lack of integer overflow check’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 | 2020-11-02 | 6.4 | CVE-2020-11169 CONFIRM MISC |
qualcomm — apq8053_firmware | u’Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS’ in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632 | 2020-11-02 | 5 | CVE-2020-11157 CONFIRM |
qualcomm — bitra_firmware | u’Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130 | 2020-11-02 | 4.6 | CVE-2020-3694 CONFIRM MISC |
qualcomm — qca6390_firmware | u’Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250 | 2020-11-02 | 4.8 | CVE-2020-11156 CONFIRM MISC |
trendmicro — antivirus | Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 2020-10-30 | 6.9 | CVE-2020-27014 N/A N/A |
wordpress — wordpress | WordPress before 5.5.2 allows CSRF attacks that change a theme’s background image. | 2020-11-02 | 4.3 | CVE-2020-28040 MISC MLIST MISC DEBIAN |
wordpress — wordpress | WordPress before 5.5.2 allows stored XSS via post slugs. | 2020-11-02 | 4.3 | CVE-2020-28038 MISC MLIST MISC DEBIAN |
wordpress — wordpress | WordPress before 5.5.2 allows XSS associated with global variables. | 2020-11-02 | 4.3 | CVE-2020-28034 MLIST MISC DEBIAN |
wordpress — wordpress | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | 2020-11-02 | 5 | CVE-2020-28033 MLIST MISC DEBIAN |
wordpress — wordpress | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | 2020-11-02 | 6.4 | CVE-2020-28039 MISC MLIST MISC MISC DEBIAN |
zte — zxa10_eodn_firmware | A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | 2020-11-05 | 4 | CVE-2020-6877 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
basercms — basercms | baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. | 2020-10-30 | 3.5 | CVE-2020-15273 MISC CONFIRM MISC |
basercms — basercms | baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. | 2020-10-30 | 3.5 | CVE-2020-15276 MISC MISC CONFIRM |
evms — redcap | A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages. | 2020-11-02 | 3.5 | CVE-2020-27359 MISC MISC MISC |
nedi — nedi | NeDi 1.9C allows inc/rt-popup.php d XSS. | 2020-11-02 | 3.5 | CVE-2020-23868 MISC |
nedi — nedi | NeDi 1.9C allows pwsec.php oid XSS. | 2020-11-02 | 3.5 | CVE-2020-23989 MISC |
trendmicro — antivirus | Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 2020-10-30 | 2.1 | CVE-2020-27015 N/A N/A |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat_reader_dc | Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. | 2020-11-05 | not yet calculated | CVE-2020-24439 MISC |
alerta — alerta | In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented in version 8.1.0 that returns HTTP 401 Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients. | 2020-11-06 | not yet calculated | CVE-2020-26214 MISC MISC MISC CONFIRM MISC MISC |
apache — shiro | In Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 2020-11-05 | not yet calculated | CVE-2020-17510 MLIST MISC |
aruba — airwave_software | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-11-04 | not yet calculated | CVE-2020-7129 MISC |
aruba — airwave_software | A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-11-04 | not yet calculated | CVE-2020-7128 MISC |
asterisk — asterisk_open_source | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. | 2020-11-06 | not yet calculated | CVE-2020-28327 MISC |
asterisk — asterisk_open_source | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. | 2020-11-06 | not yet calculated | CVE-2020-28242 MISC |
audimexee — audimexee | AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter “unique_error_numbers” is not set, remote attackers can inject arbitrary web script or HTML via ‘action, cargo, panel’ parameters that can lead to data leakage. | 2020-11-05 | not yet calculated | CVE-2020-28047 MISC |
audimexee — audimexee | SQL Injection vulnerability in “Documents component” found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | 2020-11-05 | not yet calculated | CVE-2020-28115 MISC |
auth0 — ad-ldap-connector | ad-ldap-connector’s admin panel before version 5.0.13 does not provide CSRF protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13. | 2020-11-06 | not yet calculated | CVE-2020-15259 MISC CONFIRM |
axios — axios | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. | 2020-11-06 | not yet calculated | CVE-2020-28168 MISC |
b.braun_melsungen_ag — onlinesuite | A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. | 2020-11-06 | not yet calculated | CVE-2020-25174 MISC |
b.braun_melsungen_ag — onlinesuite | A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. | 2020-11-06 | not yet calculated | CVE-2020-25172 MISC |
b.braun_melsungen_ag — onlinesuite | An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. | 2020-11-06 | not yet calculated | CVE-2020-25170 MISC |
bookstack — bookstack | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4. | 2020-11-03 | not yet calculated | CVE-2020-26210 MISC MISC MISC CONFIRM |
bookstack — bookstack | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to an alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4. | 2020-11-03 | not yet calculated | CVE-2020-26211 MISC MISC CONFIRM MISC |
cellinx — nvt_web_server | Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. | 2020-11-06 | not yet calculated | CVE-2020-28250 MISC MISC |
check_point — endpoint_security_client | Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, which under certain circumstances may cause the client to terminate. | 2020-11-02 | not yet calculated | CVE-2020-6014 MISC |
check_point — endpoint_security_client | Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. | 2020-11-05 | not yet calculated | CVE-2020-6015 MISC |
cisco — anyconnect_secure_mobility_client | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. | 2020-11-06 | not yet calculated | CVE-2020-27123 CISCO |
cisco — anyconnect_secure_mobility_client_software | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability. | 2020-11-06 | not yet calculated | CVE-2020-3556 CISCO |
cisco — edge_fog_fabric | A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | 2020-11-06 | not yet calculated | CVE-2020-26084 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-11-06 | not yet calculated | CVE-2020-3551 CISCO |
cisco — identity_services_engine | A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device. | 2020-11-06 | not yet calculated | CVE-2020-27122 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | 2020-11-06 | not yet calculated | CVE-2020-26083 CISCO |
cisco — integrated_management_controller | A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level. | 2020-11-06 | not yet calculated | CVE-2020-3371 CISCO |
cisco — ios_xr_64-bit_software | A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. | 2020-11-06 | not yet calculated | CVE-2020-3284 CISCO |
cisco — ip_phones | A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. | 2020-11-06 | not yet calculated | CVE-2020-3574 CISCO |
cisco — sd-wan_software | A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges. | 2020-11-06 | not yet calculated | CVE-2020-3595 CISCO |
cisco — sd-wan_software | A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network. | 2020-11-06 | not yet calculated | CVE-2020-3444 CISCO |
cisco — sd-wan_software | A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. | 2020-11-06 | not yet calculated | CVE-2020-3593 CISCO |
cisco — sd-wan_software | A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. | 2020-11-06 | not yet calculated | CVE-2020-3600 CISCO |
cisco — sd-wan_software | A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. | 2020-11-06 | not yet calculated | CVE-2020-3594 CISCO |
cisco — sd-wan_vmanage_software | A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges. | 2020-11-06 | not yet calculated | CVE-2020-27129 CISCO |
cisco — sd-wan_vmanage_software | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-11-06 | not yet calculated | CVE-2020-3587 CISCO |
cisco — sd-wan_vmanage_software | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-11-06 | not yet calculated | CVE-2020-3579 CISCO |
cisco — sd-wan_vmanage_software | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-11-06 | not yet calculated | CVE-2020-3591 CISCO |
cisco — sd-wan_vmanage_software | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-11-06 | not yet calculated | CVE-2020-3590 CISCO |
cisco — sd-wan_vmanage_software | A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. | 2020-11-06 | not yet calculated | CVE-2020-27128 CISCO |
cisco — sd-wan_vmanage_software |
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system. | 2020-11-06 | not yet calculated | CVE-2020-3592 CISCO |
cisco — telepresence_collaboration_endpoint_software |
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. | 2020-11-06 | not yet calculated | CVE-2020-26086 CISCO |
cisco — unified_communications_manager_im_and_presence_service_software |
A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability. | 2020-11-06 | not yet calculated | CVE-2020-27121 CISCO |
cisco — webex_meetings_desktop_app |
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients. | 2020-11-06 | not yet calculated | CVE-2020-3588 CISCO |
cisco — webex_network_player |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2020-11-06 | not yet calculated | CVE-2020-3573 CISCO |
cisco — webex_network_recording_player_and_webex_player |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2020-11-06 | not yet calculated | CVE-2020-3604 CISCO |
cisco — webex_network_recording_player_and_webex_player |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2020-11-06 | not yet calculated | CVE-2020-3603 CISCO |
cybozu — garoon |
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. | 2020-11-06 | not yet calculated | CVE-2020-5643 MISC MISC |
databaseschemaviewer — databaseschemaviewer |
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened. | 2020-11-04 | not yet calculated | CVE-2020-26207 MISC MISC CONFIRM |
debian — bouncy_castle_bc |
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. | 2020-11-02 | not yet calculated | CVE-2020-26939 MISC MISC MLIST |
debian — raptor_xml_writer.c |
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). | 2020-11-06 | not yet calculated | CVE-2017-18926 MISC MLIST DEBIAN MISC |
eramba — eramba |
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. | 2020-11-02 | not yet calculated | CVE-2020-28031 MISC MISC |
f5 — big-ip | In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password. | 2020-11-05 | not yet calculated | CVE-2020-5943 MISC |
f5 — big-ip | In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | 2020-11-05 | not yet calculated | CVE-2020-5946 MISC |
f5 — big-ip |
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. | 2020-11-05 | not yet calculated | CVE-2020-5939 MISC |
f5 — big-ip |
On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command. | 2020-11-05 | not yet calculated | CVE-2020-5941 MISC |
f5 — big-ip |
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. | 2020-11-05 | not yet calculated | CVE-2020-5944 MISC |
f5 — big-ip |
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, an undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin. | 2020-11-05 | not yet calculated | CVE-2020-5945 MISC |
f5 — big-ip |
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. | 2020-11-05 | not yet calculated | CVE-2020-5940 MISC |
f5 — big-ip |
In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. | 2020-11-05 | not yet calculated | CVE-2020-5942 MISC |
foxit — reader |
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog. | 2020-11-02 | not yet calculated | CVE-2020-14425 MISC MISC MISC |
fruitywifi_project — fruitywifi |
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317. | 2020-11-05 | not yet calculated | CVE-2020-24849 MISC MISC MISC |
fuel — cms |
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | 2020-11-04 | not yet calculated | CVE-2020-26167 MISC MISC MISC MISC |
git-lfs — git-lfs |
Git LFS 2.12.0 allows Remote Code Execution. | 2020-11-05 | not yet calculated | CVE-2020-27955 MISC FULLDISC MISC MISC MISC MISC |
google — chrome | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. | 2020-11-03 | not yet calculated | CVE-2020-15980 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. | 2020-11-03 | not yet calculated | CVE-2020-15973 SUSE MISC MISC FEDORA FEDORA |
google — chrome | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 2020-11-03 | not yet calculated | CVE-2020-16007 SUSE SUSE MISC MISC |
google — chrome | Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | 2020-11-03 | not yet calculated | CVE-2020-16008 SUSE SUSE MISC MISC |
google — chrome |
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | not yet calculated | CVE-2020-15968 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 2020-11-03 | not yet calculated | CVE-2020-15989 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | not yet calculated | CVE-2020-15970 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | not yet calculated | CVE-2020-15971 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | not yet calculated | CVE-2020-15972 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-11-03 | not yet calculated | CVE-2020-15969 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2020-11-03 | not yet calculated | CVE-2020-15967 SUSE MISC MISC FEDORA FEDORA |
google — chrome |
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. | 2020-11-03 | not yet calculated | CVE-2020-15987 SUSE MISC MISC FEDORA FEDORA |
hashicorp — consul_enterprise |
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. | 2020-11-04 | not yet calculated | CVE-2020-25201 CONFIRM MISC |
hcl — digital_experience |
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | 2020-11-05 | not yet calculated | CVE-2020-14222 MISC |
hcl — notes |
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. | 2020-11-05 | not yet calculated | CVE-2020-4097 MISC |
hcl — notes |
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials. | 2020-11-05 | not yet calculated | CVE-2020-14240 MISC |
hewlett_packard_enterprise — oneview_and_synergy_composer |
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. | 2020-11-06 | not yet calculated | CVE-2020-7198 MISC |
hewlett_packard_enterprise — proliant_gen10_servers | A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board. | 2020-11-05 | not yet calculated | CVE-2020-7207 MISC |
hindotech — hk1_s905x3_tv_box |
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. | 2020-11-05 | not yet calculated | CVE-2020-27402 MISC MISC MISC MISC MISC |
horizontcms — horizontcms |
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager’s rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta. | 2020-11-05 | not yet calculated | CVE-2020-27387 MISC MISC |
ibm — app_connect_enterprise_certified_container |
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219. | 2020-11-03 | not yet calculated | CVE-2020-4785 XF CONFIRM |
ibm — maximo_anywhere |
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486 | 2020-11-03 | not yet calculated | CVE-2019-4349 XF CONFIRM |
ibm — qradar_siem |
IBM QRadar SIEM 7.3 and 7.4 in a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440. | 2020-11-05 | not yet calculated | CVE-2018-1725 XF CONFIRM |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857. | 2020-11-06 | not yet calculated | CVE-2020-4483 XF CONFIRM |
ibm — urbancode_deploy |
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. | 2020-11-03 | not yet calculated | CVE-2020-4649 XF CONFIRM |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856. | 2020-11-06 | not yet calculated | CVE-2020-4482 XF CONFIRM |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. | 2020-11-06 | not yet calculated | CVE-2020-4484 XF CONFIRM |
immuta — immuta |
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials. | 2020-11-05 | not yet calculated | CVE-2020-15951 MISC MISC MISC |
immuta — immuta |
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | 2020-11-05 | not yet calculated | CVE-2020-15950 MISC MISC MISC |
immuta — immuta |
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | 2020-11-05 | not yet calculated | CVE-2020-15949 MISC MISC MISC |
immuta — immuta |
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS. | 2020-11-05 | not yet calculated | CVE-2020-15952 MISC MISC MISC |
intelliants — subrion_cms |
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. | 2020-11-04 | not yet calculated | CVE-2019-7356 MISC MISC |
intermind — imind_server |
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user’s session by sending a malicious file in the chat. | 2020-11-05 | not yet calculated | CVE-2020-25399 MISC |
intermind — imind_server |
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | 2020-11-05 | not yet calculated | CVE-2020-25398 MISC |
ipfs — ipfs |
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes’ routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this. | 2020-11-02 | not yet calculated | CVE-2020-10937 MISC MISC |
jenkins — active_directory_plugin |
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | 2020-11-04 | not yet calculated | CVE-2020-2299 MLIST CONFIRM |
jenkins — active_directory_plugin |
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | 2020-11-04 | not yet calculated | CVE-2020-2301 CONFIRM |
jenkins — active_directory_plugin |
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | 2020-11-04 | not yet calculated | CVE-2020-2300 MLIST CONFIRM |
jenkins — active_subversion_plugin |
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-11-04 | not yet calculated | CVE-2020-2304 MLIST CONFIRM |
jenkins — ansible_plugin |
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2020-11-04 | not yet calculated | CVE-2020-2310 CONFIRM |
jenkins — appspider_plugin |
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2020-11-04 | not yet calculated | CVE-2020-2314 CONFIRM |
jenkins — findbugs_plugin |
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin’s post build step. | 2020-11-04 | not yet calculated | CVE-2020-2317 CONFIRM |
jenkins — kubernetes_plugin |
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | 2020-11-04 | not yet calculated | CVE-2020-2307 CONFIRM |
jenkins — mail_commander_plugin |
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2020-11-04 | not yet calculated | CVE-2020-2318 CONFIRM |
jenkins — mercurial_plugin |
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-11-04 | not yet calculated | CVE-2020-2305 CONFIRM |
jenkins — sqlplus_script_runner_plugin |
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. | 2020-11-04 | not yet calculated | CVE-2020-2312 CONFIRM |
jenkins — static_analysis_utilities_plugin |
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-11-04 | not yet calculated | CVE-2020-2316 CONFIRM |
jenkins — visualworks_store_plugin |
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-11-04 | not yet calculated | CVE-2020-2315 CONFIRM |
jenkins — vmware_lab_manager_slaves_plugin |
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2020-11-04 | not yet calculated | CVE-2020-2319 CONFIRM |
joomla — jomsocial |
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer’s profile. | 2020-11-04 | not yet calculated | CVE-2020-22274 MISC MISC MISC |
joplin — joplin |
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. | 2020-11-06 | not yet calculated | CVE-2020-28249 MISC MISC |
kuka — visual_components |
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listens for packets over UDP port 5093. No authentication/authorization is required in order to communicate with the server. The protocol being used is a proprietary protocol by RMS Sentinel which provides the licensing infrastructure for the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitive system information that could be leveraged for further exploitation without any kind of authentication. This information includes detailed hardware and OS characteristics. After a decryption process, a textual protocol is found which contains a simple header with the requested command, application-identifier, and some arguments. The protocol is vulnerable to DoS through an arbitrary pointer dereference. This flaw allows an attacker to pass a specially crafted package that, when processed by the service, causes an arbitrary pointer from the stack to be dereferenced, causing an uncaught exception that terminates the service. This can be further constructed in combination with RVDP#710 which exploits an information disclosure leak, or with RVDP#711 for a stack-overflow and potential code execution. Beyond denying simulations, Visual Components provides capabilities to interface with industrial machinery and automate certain processes (e.g. testing, benchmarking, etc.) which depending on the DevOps setup might be integrated into the industrial flow. Accordingly, a DoS in the simulation might have higher repercussions, depending on the Industrial Control System (ICS) infrastructure. | 2020-11-06 | not yet calculated | CVE-2020-10292 CONFIRM |
kuka — visual_components |
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listens for packets over UDP port 5093. No authentication/authorization is required in order to communicate with the server. The protocol being used is a proprietary protocol by RMS Sentinel which provides the licensing infrastructure for the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitive system information that could be leveraged for further exploitation without any kind of authentication. This information includes detailed hardware and OS characteristics. After a decryption process, a textual protocol is found which contains a simple header with the requested command, application-identifier, and some arguments. The protocol leaks information regarding the receiving server information, license information and managing licenses, among others. Through this flaw, attackers can retrieve information about a KUKA simulation system, particularly, the version of the licensing server, which is connected to the simulator, and which will allow them to launch local simulations with similar characteristics, further understanding the dynamics of motion virtualization and opening doors to other attacks (see RVDP#711 and RVDP#712 for subsequent vulnerabilities that compromise integrity and availability). Beyond compromising simulations, Visual Components provides capabilities to interface with industrial machinery. Particularly, their PLC Connectivity feature ‘makes it easy’ to connect simulations with control systems using either the industry standard OPC UA or other supported vendor specific interfaces. This fills the gap of jumping from simulation to real and enables attackers to pivot from the Visual Components simulator to robots or other Industrial Control System (ICS) devices, such as PLCs. | 2020-11-06 | not yet calculated | CVE-2020-10291 CONFIRM |
libmaxminddb — libmaxminddb |
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | 2020-11-06 | not yet calculated | CVE-2020-28241 MISC MISC MISC |
lightbend — play_framework |
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | 2020-11-06 | not yet calculated | CVE-2020-26882 MISC MISC |
lightbend — play_framework |
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | 2020-11-06 | not yet calculated | CVE-2020-26883 MISC MISC |
lightbend — play_framework |
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. | 2020-11-06 | not yet calculated | CVE-2020-27196 MISC MISC |
linux — linux_kernel |
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. | 2020-11-06 | not yet calculated | CVE-2020-27152 MLIST MISC CONFIRM CONFIRM |
linux — swift |
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. | 2020-11-02 | not yet calculated | CVE-2020-9861 MISC |
marmind — marmind |
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI. | 2020-11-05 | not yet calculated | CVE-2020-26506 MISC MISC |
marmind — marmind |
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC. | 2020-11-05 | not yet calculated | CVE-2020-26507 MISC MISC |
microfocus — self_service_password_reset |
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | 2020-11-05 | not yet calculated | CVE-2020-25837 MISC |
misp-project — misp |
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. | 2020-11-02 | not yet calculated | CVE-2020-28043 MISC |
mit — kerberos5 |
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | 2020-11-06 | not yet calculated | CVE-2020-28196 CONFIRM MLIST FEDORA |
mitsubishi_electric — gt14_model_of_got_1000_series | Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 2020-11-06 | not yet calculated | CVE-2020-5649 MISC MISC MISC MISC |
mitsubishi_electric — gt14_model_of_got_1000_series |
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-11-06 | not yet calculated | CVE-2020-5647 MISC MISC MISC MISC |
mitsubishi_electric — gt14_model_of_got_1000_series |
Improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. | 2020-11-06 | not yet calculated | CVE-2020-5648 MISC MISC MISC MISC |
mitsubishi_electric — gt14_model_of_got_1000_series |
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 2020-11-06 | not yet calculated | CVE-2020-5646 MISC MISC MISC MISC |
mitsubishi_electric — gt14_model_of_got_1000_series |
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-11-06 | not yet calculated | CVE-2020-5644 MISC MISC MISC MISC |
mitsubishi_electric — gt14_model_of_got_1000_series |
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 2020-11-06 | not yet calculated | CVE-2020-5645 MISC MISC MISC MISC |
mitsubishi_electric — melsec_iq |
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions ’20’ and earlier, R 04/08/16/32/120 (EN) CPU firmware versions ’52’ and earlier, R 08/16/32/120 SFCPU firmware versions ’22’ and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number ‘22081’ and earlier, Q 03/04/06/13/26 UDVCPU serial number ‘22031’ and earlier, Q 04/06/13/26 UDPVCPU serial number ‘22031’ and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU – (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition. | 2020-11-02 | not yet calculated | CVE-2020-5652 MISC MISC MISC |
mitsubishi_electric — melsec_iq-r_series | Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 2020-11-02 | not yet calculated | CVE-2020-5658 MISC MISC MISC |
mitsubishi_electric — melsec_iq-r_series | Improper neutralization of argument delimiters in a command (‘Argument Injection’) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. | 2020-11-02 | not yet calculated | CVE-2020-5657 MISC MISC MISC |
mitsubishi_electric — melsec_iq-r_series |
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 2020-11-02 | not yet calculated | CVE-2020-5655 MISC MISC MISC |
mitsubishi_electric — melsec_iq-r_series |
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-11-02 | not yet calculated | CVE-2020-5656 MISC MISC MISC |
mitsubishi_electric — melsec_iq-r_series |
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 2020-11-02 | not yet calculated | CVE-2020-5654 MISC MISC MISC |
mitsubishi_electric — melsec_iq-r_series |
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 2020-11-02 | not yet calculated | CVE-2020-5653 MISC MISC MISC |
moxa — mxview |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality. | 2020-11-05 | not yet calculated | CVE-2020-13536 MISC |
moxa — mxview |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. | 2020-11-05 | not yet calculated | CVE-2020-13537 MISC |
moxa — vport_461_firmware |
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa’s VPort 461 Series Industrial Video Servers. | 2020-11-02 | not yet calculated | CVE-2020-23639 MISC |
nats — jwt_library |
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | 2020-11-06 | not yet calculated | CVE-2020-26892 MISC CONFIRM |
nats — jwt_library |
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | 2020-11-06 | not yet calculated | CVE-2020-26521 CONFIRM MISC |
neoflex — video_subscription_system |
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website’s Settings to be changed (such as Payment Settings). | 2020-11-04 | not yet calculated | CVE-2020-22273 MISC MISC |
nessus — nessus_for_windows_and_nessus_agent | A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. | 2020-11-05 | not yet calculated | CVE-2020-5793 MISC MISC |
nessus — network_monitor |
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. | 2020-11-06 | not yet calculated | CVE-2020-5794 MISC |
netapp — santricity_os_controller_software |
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). | 2020-11-06 | not yet calculated | CVE-2020-8580 MISC |
netapp — santricity_os_controller_software |
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | 2020-11-06 | not yet calculated | CVE-2020-8577 MISC |
netgear — nighthawk_r7000_devices |
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim’s intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. | 2020-11-02 | not yet calculated | CVE-2020-28041 MISC MISC MISC MISC |
nextcloud — nextcloud_server |
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | 2020-11-02 | not yet calculated | CVE-2020-8236 MISC MISC |
nextcloud — nextcloud_server |
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | 2020-11-02 | not yet calculated | CVE-2020-8183 MISC MISC |
nextcloud — nextcloud_server |
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | 2020-11-02 | not yet calculated | CVE-2020-8173 MISC MISC |
openfind — mailgates_and_mailaudit |
MailGates and MailAudit products contain a Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | 2020-11-01 | not yet calculated | CVE-2020-25849 CONFIRM |
opensuse — opensuse |
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that – for a short time period – allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | 2020-11-04 | not yet calculated | CVE-2020-28049 SUSE MISC MISC MISC MLIST DEBIAN |
oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-11-02 | not yet calculated | CVE-2020-14750 MISC |
origin — origin_client |
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators. | 2020-11-02 | not yet calculated | CVE-2020-27708 MISC |
origin — origin_client |
A cross-site scripting (XSS) vulnerability exists in the Origin Client that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window. | 2020-11-02 | not yet calculated | CVE-2020-15914 MISC |
osticket — osticket |
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. | 2020-11-02 | not yet calculated | CVE-2020-24881 MISC MISC |
pax — point_of_sale_device |
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | 2020-11-02 | not yet calculated | CVE-2020-28044 MISC |
pax — prolinos |
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch. | 2020-11-02 | not yet calculated | CVE-2020-28046 MISC |
pax — prolinos |
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD. | 2020-11-02 | not yet calculated | CVE-2020-28045 MISC |
qemu — qemu | ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. | 2020-11-06 | not yet calculated | CVE-2020-27616 CONFIRM MISC |
qemu — qemu |
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | 2020-11-06 | not yet calculated | CVE-2020-27617 CONFIRM MISC |
qualcomm — multiple_snapdragon_products |
Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-11-02 | not yet calculated | CVE-2020-11164 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-11-02 | not yet calculated | CVE-2020-11162 CONFIRM |
qualcomm — multiple_snapdragon_products |
Bluetooth devices do not properly restrict the L2CAP payload length, allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in the Sweyntooth paper) in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 | 2020-11-02 | not yet calculated | CVE-2020-11114 CONFIRM |
red_hat — red_hat |
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel’s Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. | 2020-11-05 | not yet calculated | CVE-2020-25662 CONFIRM CONFIRM CONFIRM |
red_hat — red_hat |
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2020-11-05 | not yet calculated | CVE-2020-25661 CONFIRM CONFIRM CONFIRM |
redcap — redcap |
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger’s CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another’s conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. | 2020-11-02 | not yet calculated | CVE-2020-27358 MISC MISC MISC |
relish — verve_connect_vh510_devices | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | 2020-11-04 | not yet calculated | CVE-2020-27691 MISC MISC |
relish — verve_connect_vh510_devices |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware. | 2020-11-04 | not yet calculated | CVE-2020-27692 MISC MISC |
relish — verve_connect_vh510_devices |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. | 2020-11-04 | not yet calculated | CVE-2020-27689 MISC MISC |
relish — verve_connect_vh510_devices |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. | 2020-11-04 | not yet calculated | CVE-2020-27690 MISC MISC |
rvtools — rvtools |
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances. | 2020-11-05 | not yet calculated | CVE-2020-27688 MISC MISC |
saltstack — salt |
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | 2020-11-06 | not yet calculated | CVE-2020-25592 SUSE MISC FEDORA CONFIRM |
saltstack — salt |
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | 2020-11-06 | not yet calculated | CVE-2020-16846 SUSE MISC FEDORA CONFIRM |
saltstack — salt |
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | 2020-11-06 | not yet calculated | CVE-2020-17490 SUSE MISC FEDORA CONFIRM |
servicestack — servicestack |
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. | 2020-11-02 | not yet calculated | CVE-2020-28042 MISC MISC MISC MISC |
shun_hu_technology — juuko_k-800 |
JUUKO K-800 (Firmware versions prior to numbers ending …9A, …9B, …9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running. | 2020-11-02 | not yet calculated | CVE-2018-17932 MISC |
shun_hu_technology — juuko_k-800 |
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending …9A, …9B, …9C, etc.). | 2020-11-02 | not yet calculated | CVE-2018-19025 MISC |
silver_peak — unity_orchestrator |
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the /debugFiles REST API. | 2020-11-05 | not yet calculated | CVE-2020-12146 MISC |
silver_peak — unity_orchestrator |
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. | 2020-11-05 | not yet calculated | CVE-2020-12147 MISC |
silver_peak — unity_orchestrator |
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ use HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers – on-premise or in a public cloud provider – are affected by this vulnerability. | 2020-11-05 | not yet calculated | CVE-2020-12145 MISC |
sonarqube — sonarqube |
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint. | 2020-11-02 | not yet calculated | CVE-2020-28002 MISC |
studyplus — studyplus_app |
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | 2020-11-06 | not yet calculated | CVE-2020-5667 MISC |
suitecrm — suitecrm |
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. | 2020-11-06 | not yet calculated | CVE-2020-28328 MISC MISC |
snyk — absolunet/kafe |
This affects the package @absolunet/kafe before 3.2.10. It allows causing a denial of service when validating crafted invalid emails. | 2020-11-05 | not yet calculated | CVE-2020-7761 MISC MISC |
snyk — browserless-chrome |
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. | 2020-11-02 | not yet calculated | CVE-2020-7758 MISC MISC MISC |
snyk — codemirror |
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* | 2020-10-30 | not yet calculated | CVE-2020-7760 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
synk — droppy |
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server. | 2020-11-02 | not yet calculated | CVE-2020-7757 MISC MISC |
snyk — jsreport-chrome-pdf |
This affects the package jsreport-chrome-pdf before 1.10.0. | 2020-11-05 | not yet calculated | CVE-2020-7762 MISC MISC |
snyk — phantom-html-to-pdf |
This affects the package phantom-html-to-pdf before 0.6.1. | 2020-11-05 | not yet calculated | CVE-2020-7763 MISC MISC |
synopsys — blackduck |
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 – 0.0.52 does not validate SSL certificates in certain cases. | 2020-11-06 | not yet calculated | CVE-2020-27589 MISC MISC MISC MISC |
tcpdump — tcpdump |
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | 2020-11-04 | not yet calculated | CVE-2020-8037 MISC |
tcpdump — tcpdump |
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. | 2020-11-04 | not yet calculated | CVE-2020-8036 MISC |
teler — teler |
In teler before version 0.0.1, if you run teler inside a Docker container and encounter the `errors.Exit` function, it will cause a denial of service (`SIGSEGV`) because it doesn’t properly get the process ID and process group ID of teler to kill. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1. | 2020-11-06 | not yet calculated | CVE-2020-26213 MISC CONFIRM |
telerik — fiddler |
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. | 2020-11-05 | not yet calculated | CVE-2020-13661 MISC MISC MISC |
tmux — tmux |
The function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. | 2020-11-06 | not yet calculated | CVE-2020-27347 MISC MISC |
ubiquiti — unifi_protect_controller |
A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was fixed in UniFi Protect v1.14.11 and newer. This issue does not impact UniFi Cloud Key Gen 2 plus. This issue does not impact UDM-Pro customers with UniFi Protect stopped. Affected Products: UDM-Pro firmware 1.7.2 and earlier; UNVR firmware 1.3.12 and earlier. Mitigation: Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings. Alternatively, you can update UNVR and UDM-Pro: UNVR firmware to 1.3.15 or newer; UDM-Pro firmware to 1.8.0 or newer. | 2020-11-05 | not yet calculated | CVE-2020-8267 MISC MISC MISC |
ubuntu — libvirt |
Ubuntu’s packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | 2020-11-06 | not yet calculated | CVE-2020-15708 MISC |
ubuntu — packagekit |
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | 2020-11-07 | not yet calculated | CVE-2020-16121 CONFIRM MISC |
ubuntu — packagekit |
PackageKit’s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. | 2020-11-07 | not yet calculated | CVE-2020-16122 CONFIRM |
ubuntu — ubuntu |
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. | 2020-10-31 | not yet calculated | CVE-2020-15703 CONFIRM MISC |
unix — symbolic_link |
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | 2020-11-06 | not yet calculated | CVE-2020-5795 MISC |
vmware — tanzu |
Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to a user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn’t appear with LDAP because of chained authentication. | 2020-10-31 | not yet calculated | CVE-2020-5425 CONFIRM |
whatsapp — whatsapp_and_whatsapp_business |
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. | 2020-11-03 | not yet calculated | CVE-2020-1908 CONFIRM |
wildfly — wildfly |
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. | 2020-11-02 | not yet calculated | CVE-2020-25689 CONFIRM |
wireshark — wireshark |
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | 2020-11-02 | not yet calculated | CVE-2020-28030 MISC MISC MISC |
wondershare — dr.fone |
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. | 2020-11-02 | not yet calculated | CVE-2020-27992 MISC MISC |
wordpress — wordpress | Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer’s profile. | 2020-11-04 | not yet calculated | CVE-2020-22277 MISC MISC MISC |
wordpress — wordpress |
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | 2020-11-07 | not yet calculated | CVE-2020-28339 MISC MISC |
wordpress — wordpress |
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form’s entry. | 2020-11-04 | not yet calculated | CVE-2020-22276 MISC MISC |
wordpress — wordpress |
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable. | 2020-11-04 | not yet calculated | CVE-2020-22275 MISC MISC |