Original release date: September 21, 2020
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — struts | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 2020-09-14 | 7.5 | CVE-2019-0230 MISC |
dlink — covr-2600r_firmware | D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | 2020-09-14 | 10 | CVE-2018-20432 MISC MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). | 2020-09-11 | 7.5 | CVE-2020-25283 MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). | 2020-09-11 | 7.5 | CVE-2020-25282 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. | 2020-09-11 | 7.5 | CVE-2020-25260 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner. | 2020-09-11 | 7.5 | CVE-2020-25259 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. | 2020-09-11 | 7.5 | CVE-2020-25258 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. | 2020-09-11 | 7.5 | CVE-2020-25254 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. | 2020-09-11 | 7.5 | CVE-2020-25253 MISC |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. | 2020-09-15 | 9 | CVE-2020-4521 XF CONFIRM |
jenkins — selection_tasks | Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | 2020-09-16 | 9 | CVE-2020-2276 MLIST CONFIRM |
lemonldap-ng — lemonldap | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the “Lemonldap::NG handler for Node.js” package. | 2020-09-14 | 7.5 | CVE-2020-24660 CONFIRM CONFIRM MISC DEBIAN |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system’s root password via improper access controls in the user interface. | 2020-09-15 | 7.7 | CVE-2020-7293 MISC |
mi — r3600_firmware | In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | 2020-09-11 | 10 | CVE-2020-14100 MISC |
mi — xiaomi_ai_speaker_firmware | Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifies malicious firmware during the OTA process. | 2020-09-11 | 7.5 | CVE-2020-14096 MISC |
microsoft — chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172. | 2020-09-11 | 7.6 | CVE-2020-1180 N/A |
microsoft — chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180. | 2020-09-11 | 7.6 | CVE-2020-1172 N/A |
microsoft — edge | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180. | 2020-09-11 | 9.3 | CVE-2020-1057 N/A |
microsoft — exchange_server | A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka ‘Microsoft Exchange Server Remote Code Execution Vulnerability’. | 2020-09-11 | 9 | CVE-2020-16875 MISC N/A |
microsoft — visual_studio | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16856. | 2020-09-11 | 9.3 | CVE-2020-16874 N/A |
microsoft — visual_studio | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16874. | 2020-09-11 | 9.3 | CVE-2020-16856 N/A |
microsoft — visual_studio_code | A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-16881 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka ‘Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0782 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1590 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka ‘Windows Text Service Module Remote Code Execution Vulnerability’. | 2020-09-11 | 7.6 | CVE-2020-0908 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1593. | 2020-09-11 | 9.3 | CVE-2020-1508 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1129. | 2020-09-11 | 9.3 | CVE-2020-1319 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-1285 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1039. | 2020-09-11 | 9.3 | CVE-2020-1074 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1074. | 2020-09-11 | 9.3 | CVE-2020-1039 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-0997 N/A MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-0922 N/A |
microsoft — windows_10 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka ‘Windows Defender Application Control Security Feature Bypass Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0951 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka ‘Group Policy Elevation of Privilege Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-1013 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Shell infrastructure component Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0870 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1053. | 2020-09-11 | 7.2 | CVE-2020-1308 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1245 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when NTFS improperly checks access, aka ‘NTFS Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0838 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1030 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0998 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1034 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka ‘Windows Modules Installer Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0911 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1559. | 2020-09-11 | 7.2 | CVE-2020-0886 N/A |
projectworlds — house_rental | Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | 2020-09-15 | 7.5 | CVE-2020-23833 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accesspressthemes — wp_floating_menu | WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | 2020-09-14 | 4.3 | CVE-2020-25378 MISC |
apache — cocoon | When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | 2020-09-11 | 5 | CVE-2020-11991 MISC |
apache — struts | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | 2020-09-14 | 5 | CVE-2019-0233 MISC |
argosoft — mail_server | ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) that allows remote arbitrary code execution. The affected component is the Administration dashboard. When using admin/user credentials, if the admin/user opens a website with the malicious page, the CSRF will run. | 2020-09-11 | 6.8 | CVE-2020-23824 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. | 2020-09-17 | 5 | CVE-2020-14181 MISC |
blackcat-cms — blackcat_cms | An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | 2020-09-15 | 6.8 | CVE-2020-25453 MISC |
bluetooth — bluetooth_core_specification | Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. | 2020-09-11 | 4.3 | CVE-2020-15802 MISC MISC |
codoforum — codoforum | Codoforum 4.8.3 allows HTML Injection in the ‘admin dashboard Manage users Section.’ | 2020-09-14 | 4.3 | CVE-2020-21845 MISC MISC |
cryptsetup_project — cryptsetup | A vulnerability was found in upstream release cryptsetup-2.2.0 where there’s a bug in the LUKS2 format validation code that is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file ‘lib/luks2/luks2_json_metadata.c’ in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj), where the code does not check for possible overflow on the memory allocation used for the intervals array (see statement “intervals = malloc(first_backup * sizeof(*intervals));”). Due to the bug, the library can be *tricked* to expect such allocation was successful but for far less memory than originally expected. Later it may read data FROM an image crafted by an attacker and actually write such data BEYOND allocated memory. | 2020-09-16 | 6.8 | CVE-2020-14382 MISC FEDORA UBUNTU |
ctolog — thinkadmin | ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. | 2020-09-14 | 5 | CVE-2020-25540 MISC MISC MISC |
dataiku — data_science_studio | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the “Created by” metadata. | 2020-09-14 | 5.5 | CVE-2020-8817 MISC CONFIRM |
ericsson — rx8200_firmware | Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the “path” or “Services+ID” parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the “name” parameter with the malicious code. | 2020-09-14 | 4.3 | CVE-2020-22158 MISC |
gazie_project — gazie | Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code. | 2020-09-14 | 4.3 | CVE-2020-21731 MISC MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. | 2020-09-14 | 6.5 | CVE-2020-13302 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. | 2020-09-14 | 4 | CVE-2020-13316 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues | 2020-09-14 | 4 | CVE-2020-13287 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | 2020-09-15 | 4 | CVE-2020-13308 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. | 2020-09-14 | 4 | CVE-2020-13313 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. | 2020-09-15 | 4 | CVE-2020-13303 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. | 2020-09-14 | 4 | CVE-2020-13311 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. | 2020-09-14 | 4 | CVE-2020-13310 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. | 2020-09-14 | 4 | CVE-2020-13317 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. | 2020-09-14 | 4 | CVE-2020-13305 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token | 2020-09-14 | 5.5 | CVE-2020-13284 CONFIRM MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack. | 2020-09-14 | 4.9 | CVE-2020-13318 CONFIRM MISC |
gitlab — gitlab | GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 2020-09-14 | 6.4 | CVE-2020-13300 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | 2020-09-14 | 5.5 | CVE-2020-13289 CONFIRM MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | 2020-09-14 | 5 | CVE-2020-13312 CONFIRM MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. | 2020-09-15 | 6 | CVE-2020-13307 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. | 2020-09-14 | 5 | CVE-2020-13314 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | 2020-09-14 | 5.5 | CVE-2020-13299 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. | 2020-09-14 | 4.9 | CVE-2020-13297 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. | 2020-09-14 | 5 | CVE-2020-13306 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. | 2020-09-14 | 5 | CVE-2020-13298 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2 factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions. | 2020-09-14 | 6.5 | CVE-2020-13304 CONFIRM MISC MISC |
gonitro — nitro_pro | An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an ‘ICCBased’ colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | 2020-09-16 | 6.8 | CVE-2020-6146 MISC |
google — android | In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155646800 | 2020-09-18 | 4.6 | CVE-2020-0273 MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | 2020-09-11 | 5 | CVE-2020-25281 MISC |
google — android | In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-146453119 | 2020-09-18 | 4.6 | CVE-2020-0326 MISC |
google — android | In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150214479 | 2020-09-18 | 5 | CVE-2020-0286 MISC |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path. | 2020-09-18 | 5 | CVE-2020-15768 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user’s password. | 2020-09-18 | 5 | CVE-2020-15770 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user’s anti-CSRF token if the user initiates a cleartext HTTP request. | 2020-09-18 | 4.3 | CVE-2020-15767 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.2 – 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie. | 2020-09-18 | 6.8 | CVE-2020-15776 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2020.2 – 2020.2.4. An XSS issue exists via the request URL. | 2020-09-18 | 4.3 | CVE-2020-15769 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur. | 2020-09-18 | 5 | CVE-2020-15771 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure. | 2020-09-18 | 4.6 | CVE-2020-15774 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2017.1 – 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics. | 2020-09-18 | 5 | CVE-2020-15775 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. | 2020-09-18 | 4 | CVE-2020-15773 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration. | 2020-09-18 | 4 | CVE-2020-15772 MISC CONFIRM |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers’ installations. | 2020-09-11 | 6.4 | CVE-2020-25256 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. | 2020-09-11 | 6.4 | CVE-2020-25251 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. | 2020-09-11 | 5 | CVE-2020-25249 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | 2020-09-11 | 5 | CVE-2020-25255 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | 2020-09-11 | 6.8 | CVE-2020-25252 MISC |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | 2020-09-15 | 6.5 | CVE-2019-4671 XF CONFIRM |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. | 2020-09-15 | 4.3 | CVE-2020-4526 XF CONFIRM |
ibm — spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | 2020-09-15 | 6 | CVE-2020-4703 XF CONFIRM |
ibm — spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | 2020-09-15 | 4 | CVE-2020-4711 XF CONFIRM |
inspircd — inspircd | An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server. | 2020-09-11 | 6.8 | CVE-2019-20918 MISC MISC MISC |
inspircd — inspircd | An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | 2020-09-11 | 6.8 | CVE-2019-20917 MISC MISC MISC MLIST DEBIAN |
inspircd — inspircd | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | 2020-09-11 | 6.8 | CVE-2020-25269 MISC MISC MISC MLIST DEBIAN |
istio-operator_project — istio-operator | An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-16 | 6.5 | CVE-2020-14306 MISC MISC |
jenkins — blue_ocean | A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 2020-09-16 | 4 | CVE-2020-2255 MLIST CONFIRM |
jenkins — copy_data_to_workspace | Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | 2020-09-16 | 4 | CVE-2020-2275 MLIST CONFIRM |
jenkins — elastest | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 2020-09-16 | 4.3 | CVE-2020-2273 MLIST CONFIRM |
jenkins — elastest | A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 2020-09-16 | 4 | CVE-2020-2272 MLIST CONFIRM |
jenkins — email_extension | Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | 2020-09-16 | 5.8 | CVE-2020-2253 MLIST CONFIRM |
jenkins — health_advisor_by_cloudbees | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | 2020-09-16 | 4 | CVE-2020-2258 MLIST CONFIRM |
jenkins — mailer | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | 2020-09-16 | 5.8 | CVE-2020-2252 MLIST CONFIRM |
jenkins — mongodb | A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | 2020-09-16 | 4 | CVE-2020-2267 MLIST CONFIRM |
jenkins — perfecto | A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 2020-09-16 | 4 | CVE-2020-2260 MLIST CONFIRM |
jenkins — perfecto | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. | 2020-09-16 | 6.5 | CVE-2020-2261 MLIST CONFIRM |
jenkins — storable_configs | Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | 2020-09-16 | 4 | CVE-2020-2277 MLIST CONFIRM |
jenkins — storable_configs | Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other ‘.xml’ file on the Jenkins controller with a job config.xml file’s content. | 2020-09-16 | 4 | CVE-2020-2278 MLIST CONFIRM |
kaiostech — kaios | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application’s UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application’s UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 4.3 | CVE-2019-14756 MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 4.3 | CVE-2019-14757 MISC MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 4.3 | CVE-2019-14758 MISC MISC |
kingsoft — wps_office | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | 2020-09-13 | 6.8 | CVE-2020-25291 MISC |
linux — linux_kernel | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | 2020-09-13 | 4.4 | CVE-2020-25285 MISC MISC MISC |
linux4sam — at91bootstrap | AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader). | 2020-09-14 | 6.4 | CVE-2020-11684 MISC MISC |
linux4sam — at91bootstrap | A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system. | 2020-09-14 | 4.6 | CVE-2020-11683 MISC MISC |
mcafee — email_gateway | Path Traversal vulnerability in McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | 2020-09-16 | 4 | CVE-2020-7268 MISC |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | 2020-09-15 | 4.1 | CVE-2020-7295 CONFIRM |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | 2020-09-15 | 4.1 | CVE-2020-7294 CONFIRM |
microchip — atsama5d21c-cu_firmware | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks. | 2020-09-14 | 5 | CVE-2020-12788 MISC |
microchip — atsama5d21c-cu_firmware | The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets. | 2020-09-14 | 4.3 | CVE-2020-12789 MISC |
microchip — atsama5d21c-cu_firmware | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | 2020-09-14 | 4.3 | CVE-2020-12787 MISC |
microsoft — 365_apps | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-1224 N/A |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1338. | 2020-09-11 | 6.8 | CVE-2020-1218 N/A |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1218. | 2020-09-11 | 6.8 | CVE-2020-1338 N/A |
microsoft — asp.net_core | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka ‘Microsoft ASP.NET Core Security Feature Bypass Vulnerability’. | 2020-09-11 | 5 | CVE-2020-1045 FEDORA N/A |
microsoft — dynamics_365 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16860. | 2020-09-11 | 6.5 | CVE-2020-16862 N/A |
microsoft — dynamics_365 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16862. | 2020-09-11 | 6.5 | CVE-2020-16860 N/A |
microsoft — dynamics_365_for_finance_and_operations | A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. | 2020-09-11 | 6.5 | CVE-2020-16857 N/A |
microsoft — edge | A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka ‘Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-16884 N/A |
microsoft — internet_explorer | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. | 2020-09-11 | 5.1 | CVE-2020-0878 N/A |
microsoft — internet_explorer | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘Windows Start-Up Application Elevation of Privilege Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1506 N/A |
microsoft — internet_explorer | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘WinINet API Elevation of Privilege Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1012 N/A |
microsoft — office | An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ‘Microsoft Office Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-16855 N/A |
microsoft — sharepoint_enterprise_server | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. | 2020-09-11 | 4.9 | CVE-2020-1205 N/A |
microsoft — sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’. | 2020-09-11 | 6.5 | CVE-2020-1460 N/A |
microsoft — sharepoint_enterprise_server | A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1523. | 2020-09-11 | 4 | CVE-2020-1440 N/A |
microsoft — sharepoint_server | A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1440. | 2020-09-11 | 4 | CVE-2020-1523 N/A |
microsoft — sql_server_reporting_services | A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka ‘SQL Server Reporting Services Security Feature Bypass Vulnerability’. | 2020-09-11 | 4 | CVE-2020-1044 N/A |
microsoft — visual_studio | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1133. | 2020-09-11 | 4.6 | CVE-2020-1130 N/A |
microsoft — visual_studio | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1130. | 2020-09-11 | 4.6 | CVE-2020-1133 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0912 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159. | 2020-09-11 | 4.6 | CVE-2020-1376 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1319. | 2020-09-11 | 6.8 | CVE-2020-1129 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0766. | 2020-09-11 | 4.6 | CVE-2020-1146 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376. | 2020-09-11 | 4.6 | CVE-2020-1159 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1252 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1491 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows InstallService Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1532 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1303. | 2020-09-11 | 6.8 | CVE-2020-1169 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka ‘Windows Win32k Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1152 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1308. | 2020-09-11 | 4.6 | CVE-2020-1053 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1115 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Windows Shell Infrastructure Component Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1098 N/A |
microsoft — windows_10 | A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka ‘Windows Routing Utilities Denial of Service’. | 2020-09-11 | 4.9 | CVE-2020-1038 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376. | 2020-09-11 | 4.6 | CVE-2020-1052 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka ‘Windows CloudExperienceHost Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1471 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0839 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Elevation of Privilege Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1507 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1091. | 2020-09-11 | 4.3 | CVE-2020-1097 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1097. | 2020-09-11 | 4.3 | CVE-2020-1091 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1508. | 2020-09-11 | 6.8 | CVE-2020-1593 N/A |
microsoft — windows_10 | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0790 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1598 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-1256 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-0875 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka ‘Windows DHCP Server Information Disclosure Vulnerability’. | 2020-09-11 | 5 | CVE-2020-1031 N/A |
microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0904. | 2020-09-11 | 4.9 | CVE-2020-0890 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0886. | 2020-09-11 | 4.6 | CVE-2020-1559 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1169. | 2020-09-11 | 6.8 | CVE-2020-1303 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1122 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows RSoP Service Application Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0648 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1146. | 2020-09-11 | 4.6 | CVE-2020-0766 N/A |
microsoft — windows_10 | A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka ‘ADFS Spoofing Vulnerability’. | 2020-09-11 | 4 | CVE-2020-0837 N/A |
microsoft — windows_server_2008 | An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0856. | 2020-09-11 | 4 | CVE-2020-0664 N/A |
microsoft — windows_server_2008 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0836. | 2020-09-11 | 4 | CVE-2020-1228 N/A |
microsoft — windows_server_2008 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0761. | 2020-09-11 | 6.5 | CVE-2020-0718 N/A |
microsoft — windows_server_2008 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1228. | 2020-09-11 | 5 | CVE-2020-0836 N/A |
microsoft — windows_server_2008 | An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0664. | 2020-09-11 | 4 | CVE-2020-0856 N/A |
microsoft — windows_server_2008 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0718. | 2020-09-11 | 6.5 | CVE-2020-0761 N/A |
microsoft — xamarin.forms | A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka ‘Xamarin.Forms Spoofing Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-16873 N/A |
mikrotik — routeros | An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | 2020-09-14 | 5 | CVE-2020-11881 MISC MISC |
perl — dbi | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | 2020-09-11 | 5 | CVE-2013-7490 MISC MISC MISC UBUNTU |
perl — dbi | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | 2020-09-11 | 5 | CVE-2013-7491 MISC MISC MISC |
perl — dbi | An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | 2020-09-11 | 5 | CVE-2014-10401 MISC MISC MISC UBUNTU |
perl — dbi | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | 2020-09-17 | 5 | CVE-2019-20919 MISC MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | 2020-09-11 | 4.6 | CVE-2020-16212 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | 2020-09-11 | 5.2 | CVE-2020-16228 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 2020-09-11 | 5.8 | CVE-2020-16222 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 2020-09-11 | 5.8 | CVE-2020-16214 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | 2020-09-11 | 6.1 | CVE-2020-16216 MISC |
pligg_project — pligg | Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | 2020-09-13 | 6.5 | CVE-2020-25287 MISC |
primekey — ejbca | An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | 2020-09-11 | 6.8 | CVE-2020-25276 MISC |
qnap — helpdesk | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | 2020-09-11 | 4 | CVE-2018-19947 MISC |
qnap — helpdesk | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | 2020-09-11 | 4.3 | CVE-2018-19948 MISC |
qnap — helpdesk | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | 2020-09-11 | 4.3 | CVE-2018-19946 MISC |
rails — action_view | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View’s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. | 2020-09-11 | 4.3 | CVE-2020-15169 CONFIRM |
recall-products_project — recall-products | WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the ‘Manufacturer[]’ parameter which allows an authenticated attacker to inject a malicious SQL query. | 2020-09-14 | 6.5 | CVE-2020-25379 MISC |
rukovoditel — rukovoditel | Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | 2020-09-14 | 4.3 | CVE-2020-21732 MISC MISC MISC |
sagemcom — f@st_3686_firmware | Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | 2020-09-14 | 4.3 | CVE-2020-21733 MISC MISC MISC MISC |
spiceworks — spiceworks | Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via “/settings/v1/users” function. | 2020-09-15 | 6.8 | CVE-2020-23451 MISC MISC |
taoensso — nippy | A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | 2020-09-11 | 6.8 | CVE-2020-24164 MISC |
vtenext — vtenext | A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | 2020-09-14 | 6.5 | CVE-2020-10228 MISC MISC MISC |
vtenext — vtenext | A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. | 2020-09-14 | 4.3 | CVE-2020-10227 MISC MISC MISC |
vtenext — vtenext | A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator’s behalf, such as uploading files, adding users, and deleting accounts. | 2020-09-14 | 6.8 | CVE-2020-10229 MISC MISC MISC |
wibu — codemeter | An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. | 2020-09-16 | 5 | CVE-2020-16233 MISC |
wordpress — wordpress | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 2020-09-13 | 5 | CVE-2020-25286 MISC MISC |
x.org — libx11 | An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. | 2020-09-11 | 4.6 | CVE-2020-14363 CONFIRM MISC UBUNTU |
x.org — xorg-server | A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | 4.6 | CVE-2020-14346 MISC MISC UBUNTU |
x.org — xorg-server | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | 4.6 | CVE-2020-14362 MISC MISC UBUNTU |
x.org — xorg-server | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | 4.6 | CVE-2020-14361 MISC MISC UBUNTU |
zeromq — libzmq | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. | 2020-09-11 | 5 | CVE-2020-15166 MISC MISC CONFIRM GENTOO |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
avast — secureline_vpn | The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | 2020-09-13 | 2.1 | CVE-2020-25289 MISC |
canonical — ubuntu-ui-toolkit | On desktop, Ubuntu UI Toolkit’s StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. | 2020-09-11 | 2.1 | CVE-2014-1420 UBUNTU UBUNTU |
elementor — elementor_page_builder | A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. | 2020-09-16 | 3.5 | CVE-2020-20406 MISC |
elkarbackup — elkarbackup | A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter | 2020-09-15 | 3.5 | CVE-2020-24924 MISC MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. | 2020-09-14 | 3.5 | CVE-2020-13301 CONFIRM MISC MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151645695 | 2020-09-18 | 2.1 | CVE-2020-0304 MISC |
google — android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139188779 | 2020-09-18 | 2.1 | CVE-2020-0349 MISC |
google — android | In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145079309 | 2020-09-18 | 2.1 | CVE-2020-0325 MISC |
google — android | In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device’s IMEI with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147309310 | 2020-09-18 | 2.1 | CVE-2020-0331 MISC |
google — android | In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154934919 | 2020-09-18 | 2.1 | CVE-2020-0316 MISC |
google — android | In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154913130 | 2020-09-18 | 2.1 | CVE-2020-0263 MISC |
google — android | In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155642026 | 2020-09-18 | 2.1 | CVE-2020-0315 MISC |
google — android | In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154917989 | 2020-09-18 | 2.1 | CVE-2020-0313 MISC |
google — android | In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153878642 | 2020-09-18 | 2.1 | CVE-2020-0311 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153356468 | 2020-09-18 | 2.1 | CVE-2020-0310 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151645867 | 2020-09-18 | 2.1 | CVE-2020-0307 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151646375 | 2020-09-18 | 2.1 | CVE-2020-0302 MISC |
google — android | In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-130166487 | 2020-09-18 | 2.1 | CVE-2020-0272 MISC |
google — android | In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155650969 | 2020-09-18 | 2.1 | CVE-2020-0295 MISC |
google — android | In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-129151407 | 2020-09-18 | 2.1 | CVE-2020-0327 MISC |
google — android | In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150155839 | 2020-09-18 | 2.1 | CVE-2020-0265 MISC |
google — android | In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151645626 | 2020-09-18 | 2.1 | CVE-2020-0269 MISC |
google — android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-146032016 | 2020-09-18 | 2.1 | CVE-2020-0291 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253586 | 2020-09-18 | 2.1 | CVE-2020-0276 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253784 | 2020-09-18 | 2.1 | CVE-2020-0284 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253479 | 2020-09-18 | 2.1 | CVE-2020-0285 MISC |
google — android | In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154915372 | 2020-09-18 | 2.1 | CVE-2020-0294 MISC |
google — android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-110107252 | 2020-09-18 | 2.1 | CVE-2020-0292 MISC |
huawei — bla-a09_firmware | Huawei smartphones BLA-A09 versions 8.0.0.123(C212), versions earlier than 8.0.0.123(C567), versions earlier than 8.0.0.123(C797); BLA-TL00B versions earlier than 8.1.0.326(C01); Berkeley-L09 versions earlier than 8.0.0.163(C10), versions earlier than 8.0.0.163(C432), versions earlier than 8.0.0.163(C636), versions earlier than 8.0.0.172(C10); Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189; HUAWEI P20 versions earlier than 8.0.1.16(C00); HUAWEI P20 Pro versions earlier than 8.1.0.152(C00); Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172; LON-L29D versions LON-L29DC721B192; NEO-AL00D versions earlier than 8.1.0.172(C786); Stanford-AL00 versions Stanford-AL00C00B123; Toronto-AL00 versions earlier than Toronto-AL00AC00B225; Toronto-AL00A versions earlier than Toronto-AL00AC00B225; Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab | 2020-09-11 | 2.1 | CVE-2020-9239 MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182714. | 2020-09-15 | 3.5 | CVE-2020-4530 XF CONFIRM |
ibm — tivoli_business_service_manager | IBM Tivoli Business Service Manager 6.2.0.0 – 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | 2020-09-15 | 2.1 | CVE-2020-4344 XF CONFIRM |
jenkins — android_lint | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step. | 2020-09-16 | 3.5 | CVE-2020-2262 MLIST CONFIRM |
jenkins — blue_ocean | Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | 2020-09-16 | 3.5 | CVE-2020-2254 MLIST CONFIRM |
jenkins — chosen-views-tabbar | Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | 2020-09-16 | 3.5 | CVE-2020-2269 MLIST CONFIRM |
jenkins — clearcase_release | Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2270 MLIST CONFIRM |
jenkins — computer_queue | Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2259 MLIST CONFIRM |
jenkins — coverage/complexity_scatter_plot | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step. | 2020-09-16 | 3.5 | CVE-2020-2265 MLIST CONFIRM |
jenkins — custom_job_icon | Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2264 MLIST CONFIRM |
jenkins — description_column | Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2266 MLIST CONFIRM |
jenkins — elastest | Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2020-09-16 | 2.1 | CVE-2020-2274 MLIST CONFIRM |
jenkins — locked_files_report | Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files’ names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2271 MLIST CONFIRM |
jenkins — pipeline_maven_integration | Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2256 MLIST CONFIRM |
jenkins — radiator_view | Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2263 MLIST CONFIRM |
jenkins — validating_string_parameter | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2257 MLIST CONFIRM |
kaiostech — kaios | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 1.9 | CVE-2019-14759 MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 1.9 | CVE-2019-14760 MISC MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 1.9 | CVE-2019-14761 MISC MISC |
linux — linux_kernel | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | 2020-09-13 | 2.1 | CVE-2020-25284 MISC MISC |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to access protected dashboard data via improper access control in the user interface. | 2020-09-16 | 2.7 | CVE-2020-7297 MISC |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to access protected configuration files via improper access control in the user interface. | 2020-09-15 | 2.7 | CVE-2020-7296 CONFIRM |
microsoft — onedrive | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853. | 2020-09-11 | 3.6 | CVE-2020-16852 N/A |
microsoft — onedrive | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852. | 2020-09-11 | 3.6 | CVE-2020-16853 N/A |
microsoft — onedrive | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853. | 2020-09-11 | 3.6 | CVE-2020-16851 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-0914 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0941. | 2020-09-11 | 2.1 | CVE-2020-1250 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1250. | 2020-09-11 | 2.1 | CVE-2020-0941 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka ‘Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-0989 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-1033 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0921. | 2020-09-11 | 2.1 | CVE-2020-1083 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka ‘Windows Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-1119 N/A |
microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0890. | 2020-09-11 | 2.1 | CVE-2020-0904 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-1592 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-0928 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592. | 2020-09-11 | 2.1 | CVE-2020-16854 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-16879 N/A |
microsoft — windows_10 | A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Security Feature Bypass Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-0805 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-1589 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1083. | 2020-09-11 | 2.1 | CVE-2020-0921 N/A |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | 2020-09-11 | 2.7 | CVE-2020-16218 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | 2020-09-11 | 3.3 | CVE-2020-16224 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | 2020-09-11 | 3.3 | CVE-2020-16220 MISC |
recall-products_project — recall-products | WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the ‘Recall Settings’ field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | 2020-09-14 | 3.5 | CVE-2020-25380 MISC |
redhat — ansible_engine | An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. | 2020-09-11 | 2.1 | CVE-2020-14330 CONFIRM MISC |
softrade — wp_smart_crm_&_invoices | WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | 2020-09-14 | 3.5 | CVE-2020-25375 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1crm — 1crm_system |
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL. | 2020-09-18 | not yet calculated | CVE-2020-15958 MISC MISC MISC MISC |
adobe — media_encoder |
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | not yet calculated | CVE-2020-9745 MISC |
adobe — media_encoder | Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | not yet calculated | CVE-2020-9739 MISC |
adobe — media_encoder | Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | not yet calculated | CVE-2020-9744 MISC |
alfresco — alfresco | The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | 2020-09-17 | not yet calculated | CVE-2020-25727 MISC |
alfresco — alfresco | The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user’s account password, including the admin account. | 2020-09-17 | not yet calculated | CVE-2020-25728 MISC |
alfresco — alfresco | The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can gain admin access to the system using this vulnerability. It impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0. | 2020-09-18 | not yet calculated | CVE-2020-15181 MISC CONFIRM |
amq — online_console | It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers. | 2020-09-16 | not yet calculated | CVE-2020-14348 MISC |
apache — airflow | In Apache Airflow < 1.10.12, the “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to an XSS exploit. | 2020-09-17 | not yet calculated | CVE-2020-13944 MISC |
apache — atlas | Apache Atlas before 2.1.0 contains an XSS vulnerability. While saving a search or rendering elements, values are not sanitized correctly, which triggers the XSS vulnerability. | 2020-09-16 | not yet calculated | CVE-2020-13928 MISC |
apache — superset | While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. | 2020-09-17 | not yet calculated | CVE-2020-13948 MISC |
apache — syncope | In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. | 2020-09-15 | not yet calculated | CVE-2020-11977 MISC |
bosch — smart_home_system | Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows an attacker to intercept video contents by performing a man-in-the-middle attack. | 2020-09-16 | not yet calculated | CVE-2020-6781 MISC |
buffalo — airstation_whr-g54s | Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | 2020-09-18 | not yet calculated | CVE-2020-5605 MISC MISC |
buffalo — airstation_whr-g54s | Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | 2020-09-18 | not yet calculated | CVE-2020-5606 MISC MISC |
citrix — multiple_products | Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. | 2020-09-18 | not yet calculated | CVE-2020-8245 MISC |
citrix — multiple_products | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | 2020-09-18 | not yet calculated | CVE-2020-8246 MISC |
citrix — multiple_products | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | 2020-09-18 | not yet calculated | CVE-2020-8247 MISC |
citrix — multiple_xenmobile_servers | Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. | 2020-09-18 | not yet calculated | CVE-2020-8253 MISC |
citrix — storefront_server | Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | 2020-09-18 | not yet calculated | CVE-2020-8200 MISC |
colin_percival — bsdiff | A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside the boundaries of a dynamically allocated buffer. | 2020-09-16 | not yet calculated | CVE-2020-14315 MISC MISC MISC |
d-link — dir-816L_and_dir-803_devices | ** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. | 2020-09-19 | not yet calculated | CVE-2020-25786 MISC MISC |
dotplant2 — dotplant2 | ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-09-18 | not yet calculated | CVE-2020-25750 MISC |
elkarbackup — elkarbackup | A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort, where the entire source code path is displayed in the browser itself, helping the attacker identify the code structure: /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | 2020-09-15 | not yet calculated | CVE-2020-24925 MISC MISC |
ewon — flexy_and_cosy | All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. | 2020-09-18 | not yet calculated | CVE-2020-16230 MISC |
fasterxml — jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | 2020-09-17 | not yet calculated | CVE-2020-24750 MISC |
freebox — freebox_hd | A DNS rebinding vulnerability in Freebox HD before 1.5.29. | 2020-09-16 | not yet calculated | CVE-2020-24374 MISC |
freebox — freebox_server | A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. | 2020-09-16 | not yet calculated | CVE-2020-24377 MISC |
freebox — upnp_idg | A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox Server before 4.2.3. | 2020-09-16 | not yet calculated | CVE-2020-24376 MISC |
freebox — upnp_mediaserver | A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | 2020-09-16 | not yet calculated | CVE-2020-24373 MISC |
fwupd — fwupd | A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity. | 2020-09-15 | not yet calculated | CVE-2020-10759 MISC MISC |
gallagher — command_centre | On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, it is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. | 2020-09-15 | not yet calculated | CVE-2020-16097 MISC |
gallagher — command_centre | In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components. | 2020-09-15 | not yet calculated | CVE-2020-16096 MISC |
gallagher — command_centre | It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | 2020-09-15 | not yet calculated | CVE-2020-16101 MISC |
gallagher — command_centre | It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | 2020-09-15 | not yet calculated | CVE-2020-16100 MISC |
gallagher — command_centre | In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. | 2020-09-15 | not yet calculated | CVE-2020-16099 MISC |
gallagher — command_centre | It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported. | 2020-09-15 | not yet calculated | CVE-2020-16098 MISC |
genexis — platinum_4410 | A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the WIFI access point’s password. | 2020-09-16 | not yet calculated | CVE-2020-25015 MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. | 2020-09-14 | not yet calculated | CVE-2020-13315 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. | 2020-09-14 | not yet calculated | CVE-2020-13309 CONFIRM MISC MISC |
gnuplot — gnuplot | gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-25412 MISC |
gnuplot — gnuplot | gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-25559 MISC |
google — android_10_and_11_devices | In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-157598026 | 2020-09-17 | not yet calculated | CVE-2020-0390 MISC |
google — android_10_and_11_devices | In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-152944488 | 2020-09-17 | not yet calculated | CVE-2020-0382 MISC |
google — android_10_and_11_devices | In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-156123285 | 2020-09-17 | not yet calculated | CVE-2020-0388 MISC |
google — android_10_and_11_devices | In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-156959408 | 2020-09-17 | not yet calculated | CVE-2020-0389 MISC |
google — android_11_devices | In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150331085 | 2020-09-17 | not yet calculated | CVE-2020-0330 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144506224 | 2020-09-18 | not yet calculated | CVE-2020-0282 MISC |
google — android_11_devices | In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132274514 | 2020-09-17 | not yet calculated | CVE-2020-0363 MISC |
google — android_11_devices | In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139128211 | 2020-09-17 | not yet calculated | CVE-2020-0267 MISC |
google — android_11_devices | In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-73822755 | 2020-09-17 | not yet calculated | CVE-2020-0333 MISC |
google — android_11_devices | In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-111086459 | 2020-09-17 | not yet calculated | CVE-2020-0266 MISC |
google — android_11_devices | In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151927433 | 2020-09-17 | not yet calculated | CVE-2020-0361 MISC |
google — android_11_devices | In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-33646131 | 2020-09-18 | not yet calculated | CVE-2020-0318 MISC |
google — android_11_devices | In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144920149 | 2020-09-17 | not yet calculated | CVE-2020-0341 MISC |
google — android_11_devices | In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145130119 | 2020-09-18 | not yet calculated | CVE-2020-0299 MISC |
google — android_11_devices | In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-120781925 | 2020-09-17 | not yet calculated | CVE-2020-0274 MISC |
google — android_11_devices | In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144286721 | 2020-09-17 | not yet calculated | CVE-2020-0345 MISC |
google — android_11_devices | In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139666480 | 2020-09-17 | not yet calculated | CVE-2020-0306 MISC |
google — android_11_devices | In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153654357 | 2020-09-17 | not yet calculated | CVE-2020-0308 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137868765 | 2020-09-18 | not yet calculated | CVE-2020-0319 MISC |
google — android_11_devices | In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-141883493 | 2020-09-17 | not yet calculated | CVE-2020-0355 MISC |
google — android_11_devices | In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-119673147 | 2020-09-17 | not yet calculated | CVE-2020-0372 MISC |
google — android_11_devices | In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150227563 | 2020-09-17 | not yet calculated | CVE-2020-0358 MISC |
google — android_11_devices | In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137282770 | 2020-09-17 | not yet calculated | CVE-2020-0364 MISC |
google — android_11_devices | In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147002762 | 2020-09-17 | not yet calculated | CVE-2020-0346 MISC |
google — android_11_devices | In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154921790 | 2020-09-17 | not yet calculated | CVE-2020-0426 MISC |
google — android_11_devices | In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154934920 | 2020-09-17 | not yet calculated | CVE-2020-0314 MISC |
google — android_11_devices | In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129266 | 2020-09-18 | not yet calculated | CVE-2020-0298 MISC |
google — android_11_devices | In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129456 | 2020-09-17 | not yet calculated | CVE-2020-0360 MISC |
google — android_11_devices | There is a possible way to view notifications even when the “Lockdown” feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124000380 | 2020-09-17 | not yet calculated | CVE-2020-0425 MISC |
google — android_11_devices | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-123237930 | 2020-09-17 | not yet calculated | CVE-2020-0362 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139188582 | 2020-09-18 | not yet calculated | CVE-2020-0348 MISC |
google — android_11_devices | In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150225569 | 2020-09-17 | not yet calculated | CVE-2020-0357 MISC |
google — android_11_devices | In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143787559 | 2020-09-17 | not yet calculated | CVE-2020-0356 MISC |
google — android_11_devices | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143604331 | 2020-09-18 | not yet calculated | CVE-2020-0354 MISC |
google — android_11_devices | In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124777526 | 2020-09-17 | not yet calculated | CVE-2020-0353 MISC |
google — android_11_devices | In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132074310 | 2020-09-17 | not yet calculated | CVE-2020-0352 MISC |
google — android_11_devices | In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124777537 | 2020-09-17 | not yet calculated | CVE-2020-0351 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139424089 | 2020-09-18 | not yet calculated | CVE-2020-0350 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148736216 | 2020-09-18 | not yet calculated | CVE-2020-0300 MISC |
google — android_11_devices | In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124329382 | 2020-09-17 | not yet calculated | CVE-2020-0337 MISC |
google — android_11_devices | In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136658008 | 2020-09-18 | not yet calculated | CVE-2020-0347 MISC |
google — android_11_devices | In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-116718596 | 2020-09-17 | not yet calculated | CVE-2020-0264 MISC |
google — android_11_devices | In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-157475111 | 2020-09-18 | not yet calculated | CVE-2020-0405 MISC |
google — android_11_devices | In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137794014 | 2020-09-17 | not yet calculated | CVE-2020-0406 MISC |
google — android_11_devices | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253476 | 2020-09-17 | not yet calculated | CVE-2020-0375 MISC |
google — android_11_devices |
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602 | 2020-09-17 | not yet calculated | CVE-2020-0374 MISC |
google — android_11_devices |
In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146894086 | 2020-09-17 | not yet calculated | CVE-2020-0373 MISC |
google — android_11_devices |
In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-112051700 | 2020-09-17 | not yet calculated | CVE-2020-0370 MISC |
google — android_11_devices |
In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130231426 | 2020-09-17 | not yet calculated | CVE-2020-0369 MISC |
google — android_11_devices | In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-150303018 | 2020-09-17 | not yet calculated | CVE-2020-0359 MISC |
google — android_11_devices | In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-137346580 | 2020-09-18 | not yet calculated | CVE-2020-0365 MISC |
google — android_11_devices | In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-144901522 | 2020-09-17 | not yet calculated | CVE-2020-0340 MISC |
google — android_11_devices | In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-123700107 | 2020-09-17 | not yet calculated | CVE-2020-0338 MISC |
google — android_11_devices | In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153467444 | 2020-09-17 | not yet calculated | CVE-2020-0336 MISC |
google — android_11_devices | In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-140729887 | 2020-09-17 | not yet calculated | CVE-2020-0344 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-122361504 | 2020-09-18 | not yet calculated | CVE-2020-0335 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-147995915 | 2020-09-18 | not yet calculated | CVE-2020-0334 MISC |
google — android_11_devices | In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-119672472 | 2020-09-17 | not yet calculated | CVE-2020-0343 MISC |
google — android_11_devices | In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-124783982 | 2020-09-17 | not yet calculated | CVE-2020-0332 MISC |
google — android_11_devices | In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-150156131 | 2020-09-17 | not yet calculated | CVE-2020-0328 MISC |
google — android_11_devices | In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-136660304 | 2020-09-17 | not yet calculated | CVE-2020-0324 MISC |
google — android_11_devices | In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-146516087 | 2020-09-17 | not yet calculated | CVE-2020-0323 MISC |
google — android_11_devices | In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-147002540 | 2020-09-17 | not yet calculated | CVE-2020-0322 MISC |
google — android_11_devices | In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-155171907 | 2020-09-17 | not yet calculated | CVE-2020-0321 MISC |
google — android_11_devices | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-129282427 | 2020-09-17 | not yet calculated | CVE-2020-0320 MISC |
google — android_11_devices | In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-63522940 | 2020-09-17 | not yet calculated | CVE-2020-0329 MISC |
google — android_11_devices | In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-138443815 | 2020-09-17 | not yet calculated | CVE-2020-0366 MISC |
google — android_11_devices | In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-155183624 | 2020-09-17 | not yet calculated | CVE-2020-0297 MISC |
google — android_11_devices | In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153879099 | 2020-09-17 | not yet calculated | CVE-2020-0312 MISC |
google — android_11_devices | In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153356209 | 2020-09-17 | not yet calculated | CVE-2020-0296 MISC |
google — android_11_devices | In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-141860394 | 2020-09-17 | not yet calculated | CVE-2020-0287 MISC |
google — android_11_devices | In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-123230379 | 2020-09-17 | not yet calculated | CVE-2020-0130 MISC |
google — android_11_devices | In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-147227320 | 2020-09-18 | not yet calculated | CVE-2020-0309 MISC |
google — android_11_devices | In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-137015603 | 2020-09-18 | not yet calculated | CVE-2020-0089 MISC |
google — android_11_devices | In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-148223229 | 2020-09-17 | not yet calculated | CVE-2020-0303 MISC |
google — android_11_devices | In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-119671929 | 2020-09-17 | not yet calculated | CVE-2020-0317 MISC |
google — android_11_devices | In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-137282168 | 2020-09-17 | not yet calculated | CVE-2020-0125 MISC |
google — android_11_devices | In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-144507081 | 2020-09-18 | not yet calculated | CVE-2020-0271 MISC |
google — android_11_devices | In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-156353008 | 2020-09-18 | not yet calculated | CVE-2020-0262 MISC |
google — android_11_devices | In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-141455849 | 2020-09-17 | not yet calculated | CVE-2020-0293 MISC |
google — android_11_devices | In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn’t have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-150507736 | 2020-09-17 | not yet calculated | CVE-2020-0275 MISC |
google — android_11_devices | In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device’s data plan with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-148627993 | 2020-09-17 | not yet calculated | CVE-2020-0277 MISC |
google — android_11_devices | In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-145790628 | 2020-09-17 | not yet calculated | CVE-2020-0270 MISC |
google — android_11_devices | In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-131430997 | 2020-09-17 | not yet calculated | CVE-2020-0279 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-137857778 | 2020-09-18 | not yet calculated | CVE-2020-0281 MISC |
google — android_11_devices | In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-148294643 | 2020-09-18 | not yet calculated | CVE-2020-0268 MISC |
google — android_11_devices | In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153995991 | 2020-09-17 | not yet calculated | CVE-2020-0288 MISC |
google — android_11_devices | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-124940460 | 2020-09-17 | not yet calculated | CVE-2020-0301 MISC |
google — android_11_devices | In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153996872 | 2020-09-17 | not yet calculated | CVE-2020-0289 MISC |
google — android_11_devices | In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153996866 | 2020-09-17 | not yet calculated | CVE-2020-0290 MISC |
google — android_devices | There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-160812576 | 2020-09-17 | not yet calculated | CVE-2020-0342 MISC |
google — android_devices | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | 2020-09-18 | not yet calculated | CVE-2020-5629 MISC |
google — android_devices | In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-156046804 | 2020-09-17 | not yet calculated | CVE-2020-0387 MISC |
google — android_devices | In Pixel’s use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-150730508 | 2020-09-17 | not yet calculated | CVE-2020-0434 MISC |
google — android_devices | In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-153450752; References: N/A | 2020-09-17 | not yet calculated | CVE-2020-0407 MISC |
google — android_devices | In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-140550171 | 2020-09-17 | not yet calculated | CVE-2020-0427 MISC |
google — android_devices | In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-150159669 | 2020-09-17 | not yet calculated | CVE-2020-0381 MISC |
google — android_devices | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-144161459 | 2020-09-17 | not yet calculated | CVE-2020-0431 MISC |
google — android_devices | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-111893654; References: Upstream kernel | 2020-09-17 | not yet calculated | CVE-2020-0404 MISC |
google — android_devices | In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-131252923 | 2020-09-17 | not yet calculated | CVE-2020-0403 MISC |
google — android_devices | In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-143560807 | 2020-09-17 | not yet calculated | CVE-2020-0432 MISC |
google — android_devices | There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-160812574 | 2020-09-17 | not yet calculated | CVE-2020-0278 MISC |
google — android_devices | In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-151939299 | 2020-09-17 | not yet calculated | CVE-2020-0433 MISC |
google — android_devices | In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-123999783 | 2020-09-17 | not yet calculated | CVE-2020-0428 MISC |
google — android_devices | In inline_data_addr of f2fs.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-133762747 | 2020-09-17 | not yet calculated | CVE-2020-0435 MISC |
google — android_devices | In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-153881554 | 2020-09-17 | not yet calculated | CVE-2020-0430 MISC |
google — android_devices | There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-149871374 | 2020-09-17 | not yet calculated | CVE-2020-0123 MISC |
google — android_devices | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | 2020-09-18 | not yet calculated | CVE-2020-5628 MISC |
google — android_devices | There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-156333725 | 2020-09-17 | not yet calculated | CVE-2020-0229 MISC |
google — android_devices | In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-152735806 | 2020-09-17 | not yet calculated | CVE-2020-0429 MISC |
google — brotli | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a “one-shot” decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend using the “streaming” API as opposed to the “one-shot” API, and imposing chunk size limits. | 2020-09-15 | not yet calculated | CVE-2020-8927 CONFIRM |
google — multiple_android_devices | In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-154124307 | 2020-09-17 | not yet calculated | CVE-2020-0395 MISC |
google — multiple_android_devices | In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-152496149 | 2020-09-17 | not yet calculated | CVE-2020-0245 MISC |
google — multiple_android_devices | In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-153993591 | 2020-09-17 | not yet calculated | CVE-2020-0399 MISC |
google — multiple_android_devices | In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-150857253 | 2020-09-17 | not yet calculated | CVE-2020-0401 MISC |
google — multiple_android_devices | In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-150156492 | 2020-09-17 | not yet calculated | CVE-2020-0379 MISC |
google — multiple_android_devices | In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-150159906 | 2020-09-17 | not yet calculated | CVE-2020-0384 MISC |
google — multiple_android_devices | In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-150160279 | 2020-09-17 | not yet calculated | CVE-2020-0383 MISC |
google — multiple_android_devices | In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1; Android ID: A-150160041 | 2020-09-17 | not yet calculated | CVE-2020-0385 MISC |
google — multiple_android_devices | In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-155650356 | 2020-09-17 | not yet calculated | CVE-2020-0386 MISC |
google — multiple_android_devices | In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11; Android ID: A-158570769 | 2020-09-17 | not yet calculated | CVE-2020-0391 MISC |
google — multiple_android_devices | In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11; Android ID: A-154123412 | 2020-09-17 | not yet calculated | CVE-2020-0393 MISC |
google — multiple_android_devices | In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-146204120 | 2020-09-17 | not yet calculated | CVE-2020-0074 MISC |
google — multiple_android_devices | In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-146398979 | 2020-09-17 | not yet calculated | CVE-2020-0380 MISC |
google — multiple_android_devices | In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-155648639 | 2020-09-17 | not yet calculated | CVE-2020-0394 MISC |
google — multiple_android_devices | In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-155094269 | 2020-09-17 | not yet calculated | CVE-2020-0396 MISC |
google — multiple_android_devices | In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-155092443 | 2020-09-17 | not yet calculated | CVE-2020-0397 MISC |
google — multiple_android_devices | In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11; Android ID: A-150226608 | 2020-09-17 | not yet calculated | CVE-2020-0392 MISC |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software. | 2020-09-17 | not yet calculated | CVE-2020-15185 MISC CONFIRM |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters. | 2020-09-17 | not yet calculated | CVE-2020-15184 MISC CONFIRM |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range. | 2020-09-17 | not yet calculated | CVE-2020-15186 MISC CONFIRM |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin’s install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL. | 2020-09-17 | not yet calculated | CVE-2020-15187 MISC CONFIRM |
hewlett_packard — enterprise_universal_api_framework |
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). | 2020-09-18 | not yet calculated | CVE-2020-24623 MISC |
huawei — taurus-an00b_devices |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | 2020-09-18 | not yet calculated | CVE-2020-9084 MISC |
ibm — bladecenter_advanced_management_module |
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user’s AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. | 2020-09-15 | not yet calculated | CVE-2020-8339 MISC |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. | 2020-09-16 | not yet calculated | CVE-2020-4409 XF CONFIRM |
ibm — security_trusteer_pinpoint_detect |
IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. | 2020-09-16 | not yet calculated | CVE-2020-4708 XF CONFIRM |
installbuilder — installbuilder |
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer. | 2020-09-18 | not yet calculated | CVE-2020-3979 MISC |
intel — multiple_products |
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | 2020-09-14 | not yet calculated | CVE-2020-24457 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | 2020-09-16 | not yet calculated | CVE-2020-2268 MLIST CONFIRM |
joomla — joomla! |
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | 2020-09-18 | not yet calculated | CVE-2020-25751 MISC MISC |
json-bigint — json-bigint |
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. | 2020-09-18 | not yet calculated | CVE-2020-8237 MISC |
lenovo — |
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | 2020-09-15 | not yet calculated | CVE-2020-8342 MISC |
lenovo — system_x_imm2 |
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user’s web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself. | 2020-09-15 | not yet calculated | CVE-2020-8340 MISC |
lenovo — vantage |
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | 2020-09-15 | not yet calculated | CVE-2020-8346 MISC |
lg — multiple_products |
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | 2020-09-14 | not yet calculated | CVE-2020-7807 MISC MISC |
libraw — libraw |
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-24890 MISC |
libraw — libraw |
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-24889 MISC |
linux — linux_kernel | A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being ‘force disabled’ when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. | 2020-09-16 | not yet calculated | CVE-2020-10768 CONFIRM MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | not yet calculated | CVE-2020-14331 MISC MISC MISC |
linux — linux_kernel |
A memory disclosure flaw was found in the Linux kernel’s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | 2020-09-15 | not yet calculated | CVE-2020-14304 MISC CONFIRM |
linux — linux_kernel |
A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. The highest threat from this vulnerability is to system availability. | 2020-09-18 | not yet calculated | CVE-2020-14390 MISC MISC MISC |
linux — linux_kernel |
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. | 2020-09-15 | not yet calculated | CVE-2020-14314 CONFIRM MISC MISC |
linux — linux_kernel |
A logic bug was found in the Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. | 2020-09-15 | not yet calculated | CVE-2020-10766 CONFIRM MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. | 2020-09-15 | not yet calculated | CVE-2020-10767 CONFIRM MISC |
linux — linux_kernel |
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory that is not accounted to the user who triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. | 2020-09-16 | not yet calculated | CVE-2020-10781 CONFIRM MISC MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | 2020-09-16 | not yet calculated | CVE-2020-14386 CONFIRM MISC MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | 2020-09-15 | not yet calculated | CVE-2020-14385 CONFIRM MISC |
london_trust_media — private_internet_access_vpn_client_for_linux |
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically. | 2020-09-14 | not yet calculated | CVE-2020-15590 MISC MISC MISC |
mediawiki — mediawiki |
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. By using a <script> tag inside a <scratchsig> tag, attackers with edit permission can execute scripts in visitors’ browsers. With the MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely. | 2020-09-15 | not yet calculated | CVE-2020-15179 MISC CONFIRM |
micro_focus — operation_agent |
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to version 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | 2020-09-18 | not yet calculated | CVE-2020-11861 MISC |
misp — misp |
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | 2020-09-18 | not yet calculated | CVE-2020-25766 MISC MISC |
nextcloud — desktop_client |
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | 2020-09-18 | not yet calculated | CVE-2020-8225 MISC MISC |
nifty — project_management_web_application |
Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. | 2020-09-15 | not yet calculated | CVE-2020-25071 MISC MISC |
nitro_software — nitro_pro |
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile, which allows the decoder to write out-of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6112 MISC |
nitro_software — nitro_pro |
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6113 MISC |
nitro_software — nitro_pro |
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference the cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6115 MISC |
nitro_software — nitro_pro |
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6116 MISC |
node.js — node.js |
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. | 2020-09-18 | not yet calculated | CVE-2020-8251 MISC MISC |
node.js — node.js |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | 2020-09-18 | not yet calculated | CVE-2020-8252 MISC MISC |
node.js — node.js |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carriage-return symbols in the HTTP header names. | 2020-09-18 | not yet calculated | CVE-2020-8201 MISC MISC |
nvidia — geforce_now |
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure. | 2020-09-18 | not yet calculated | CVE-2020-5975 CONFIRM |
nvidia — geforce_now |
NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure. | 2020-09-18 | not yet calculated | CVE-2020-5976 CONFIRM |
objective_systems — objective_open_cbor |
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. | 2020-09-17 | not yet calculated | CVE-2020-24753 MISC MISC |
ozeki — ng_sms_gateway |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. | 2020-09-18 | not yet calculated | CVE-2020-14029 MISC MISC |
ozeki — ng_sms_gateway |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. | 2020-09-18 | not yet calculated | CVE-2020-14021 MISC MISC MISC |
perl — perl |
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | 2020-09-16 | not yet calculated | CVE-2014-10402 MISC |
perl — perl |
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service’s availability. | 2020-09-16 | not yet calculated | CVE-2020-14392 SUSE MISC MISC UBUNTU |
perl — perl |
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | 2020-09-16 | not yet calculated | CVE-2020-14393 SUSE MISC MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | 2020-09-18 | not yet calculated | CVE-2020-14525 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | 2020-09-18 | not yet calculated | CVE-2020-16200 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 2020-09-18 | not yet calculated | CVE-2020-16247 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 2020-09-18 | not yet calculated | CVE-2020-16198 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | 2020-09-18 | not yet calculated | CVE-2020-14506 MISC |
postgresql — postgresql |
The Windows installer for PostgreSQL 9.5 – 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer’s administrative rights. | 2020-09-16 | not yet calculated | CVE-2020-10733 MISC MISC |
prestashop — prestashop |
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim’s browser. | 2020-09-15 | not yet calculated | CVE-2020-15178 MISC CONFIRM MISC |
puppet — puppet_enterprise |
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. | 2020-09-18 | not yet calculated | CVE-2020-7945 MISC |
rad — secflow-1v |
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259. | 2020-09-17 | not yet calculated | CVE-2020-13260 MISC MISC MISC |
rad — secflow-1v |
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. | 2020-09-16 | not yet calculated | CVE-2020-13259 MISC EXPLOIT-DB |
rapid7 — appspider |
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. | 2020-09-18 | not yet calculated | CVE-2020-7358 MISC |
red_discord_bot — act_module |
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible. | 2020-09-15 | not yet calculated | CVE-2020-15172 MISC CONFIRM |
red_hat — jboss_eap |
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC 7230, as it returns a 200 instead of a 400. | 2020-09-16 | not yet calculated | CVE-2020-1710 MISC |
red_hat — jboss_keycloak | A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. | 2020-09-16 | not yet calculated | CVE-2020-1694 MISC |
red_hat — jboss_keycloak |
A vulnerability was found in Keycloak before 11.0.1 where a DoS attack is possible by sending twenty requests simultaneously to the specified Keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. | 2020-09-16 | not yet calculated | CVE-2020-10758 MISC |
red_hat — jboss_keycloak |
A flaw was found in Keycloak’s data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks. | 2020-09-16 | not yet calculated | CVE-2020-10748 MISC |
red_hat — openshift_console |
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. | 2020-09-16 | not yet calculated | CVE-2020-10715 MISC MISC |
red_hat — qt_library |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | 2020-09-14 | not yet calculated | CVE-2020-0570 MISC |
resteasy — resteasy |
A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server’s potentially sensitive information when the server receives a WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | 2020-09-18 | not yet calculated | CVE-2020-25633 CONFIRM |
rust — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. | 2020-09-19 | not yet calculated | CVE-2020-25794 MISC MISC |
rust — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. | 2020-09-19 | not yet calculated | CVE-2020-25796 MISC MISC |
rust — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. | 2020-09-19 | not yet calculated | CVE-2020-25795 MISC MISC |
rust — rust | An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. | 2020-09-14 | not yet calculated | CVE-2020-25573 MISC MISC |
rust — rust | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. | 2020-09-14 | not yet calculated | CVE-2020-25576 MISC |
rust — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). | 2020-09-19 | not yet calculated | CVE-2020-25791 MISC MISC |
rust — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). | 2020-09-19 | not yet calculated | CVE-2020-25792 MISC MISC |
rust — rust | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. | 2020-09-19 | not yet calculated | CVE-2020-25793 MISC MISC |
rust — rust | ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-09-14 | not yet calculated | CVE-2020-25575 MISC MISC |
rust — rust | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | 2020-09-14 | not yet calculated | CVE-2020-25574 MISC MISC |
safervpn_for_windows — safervpn_for_windows | SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. | 2020-09-18 | not yet calculated | CVE-2020-25744 MISC MISC |
schneider_electric — scadapack_7x_remote_connect | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | 2020-09-16 | not yet calculated | CVE-2020-7528 MISC |
schneider_electric — scadapack_7x_remote_connect | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Transversal’) vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | 2020-09-16 | not yet calculated | CVE-2020-7529 MISC |
schneider_electric — scadapack_7x_remote_connect | A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | 2020-09-16 | not yet calculated | CVE-2020-7530 MISC |
schneider_electric — scadapack_7x_remote_connect | A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | 2020-09-16 | not yet calculated | CVE-2020-7531 MISC |
schneider_electric — scadapack_7x_security_administrator | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. | 2020-09-16 | not yet calculated | CVE-2020-7532 MISC |
solarwinds — orion_platform | Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to Information Disclosure and Escalation of Privileges (takeover of administrator account). | 2020-09-17 | not yet calculated | CVE-2020-13169 CONFIRM MISC |
sourcecodester — online_course_registration | A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | 2020-09-15 | not yet calculated | CVE-2020-23828 MISC MISC |
soycms — soycms | SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. | 2020-09-17 | not yet calculated | CVE-2020-15183 MISC CONFIRM MISC |
soycms — soycms | SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting (XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328. | 2020-09-18 | not yet calculated | CVE-2020-15189 MISC MISC MISC CONFIRM MISC |
soycms — soycms | SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). This allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328. | 2020-09-18 | not yet calculated | CVE-2020-15188 MISC MISC CONFIRM MISC |
soycms — soycms | The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. | 2020-09-17 | not yet calculated | CVE-2020-15182 MISC CONFIRM MISC |
spring — spring_framework | In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 2020-09-19 | not yet calculated | CVE-2020-5421 CONFIRM |
sqreen — php_agent_daemon | Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | 2020-09-17 | not yet calculated | CVE-2020-25490 CONFIRM |
sqreen — pyminiracer | A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. | 2020-09-17 | not yet calculated | CVE-2020-25489 CONFIRM MISC |
suse — multiple_products | An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1. | 2020-09-17 | not yet calculated | CVE-2020-8028 CONFIRM |
sylabs — singularity | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | 2020-09-16 | not yet calculated | CVE-2020-25040 MISC MISC |
sylabs — singularity | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | 2020-09-16 | not yet calculated | CVE-2020-25039 MISC MISC |
tibco_software — multiple_products | The Spotfire client component of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1. | 2020-09-15 | not yet calculated | CVE-2020-9416 CONFIRM CONFIRM |
tiny — tiny_rss | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. | 2020-09-19 | not yet calculated | CVE-2020-25788 MISC MISC |
tiny — tiny_rss | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. | 2020-09-19 | not yet calculated | CVE-2020-25787 MISC MISC |
tiny — tiny_rss | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. | 2020-09-19 | not yet calculated | CVE-2020-25789 MISC MISC |
titanhq — spamtitan | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page. | 2020-09-17 | not yet calculated | CVE-2020-11803 MISC MISC MISC MISC MISC |
titanhq — spamtitan | An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | 2020-09-17 | not yet calculated | CVE-2020-11804 MISC MISC MISC MISC MISC |
titanhq — spamtitan | An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. | 2020-09-17 | not yet calculated | CVE-2020-11699 MISC MISC MISC MISC MISC |
titanhq — spamtitan | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. | 2020-09-17 | not yet calculated | CVE-2020-11700 MISC MISC MISC MISC MISC |
titanhq — spamtitan | An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. | 2020-09-17 | not yet calculated | CVE-2020-11698 MISC MISC MISC MISC |
titanhq — spantitan_gateway | A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed through the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login. | 2020-09-17 | not yet calculated | CVE-2020-24046 MISC MISC MISC MISC |
titanhq — spantitan_gateway | A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script vmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar. | 2020-09-17 | not yet calculated | CVE-2020-24045 MISC MISC MISC MISC |
trend_micro — serverprotect | A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | 2020-09-15 | not yet calculated | CVE-2020-24561 N/A |
typeorm — typeorm | Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. | 2020-09-18 | not yet calculated | CVE-2020-8158 MISC |
ua-parser-js — ua-parser-js | The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | 2020-09-16 | not yet calculated | CVE-2020-7733 CONFIRM CONFIRM CONFIRM CONFIRM |
vmware — fusion | VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. | 2020-09-16 | not yet calculated | CVE-2020-3980 MISC |
vmware — workstation | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | 2020-09-16 | not yet calculated | CVE-2020-3986 MISC |
vmware — workstation_and_horizon_client | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | 2020-09-16 | not yet calculated | CVE-2020-3989 MISC |
vmware — workstation_and_horizon_client | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | 2020-09-16 | not yet calculated | CVE-2020-3987 MISC |
vmware — workstation_and_horizon_client | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | 2020-09-16 | not yet calculated | CVE-2020-3990 MISC |
vmware — workstation_and_horizon_client | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | 2020-09-16 | not yet calculated | CVE-2020-3988 MISC |
vr_cam — p1_camera | VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | 2020-09-15 | not yet calculated | CVE-2020-23512 MISC |
webtareas — webtareas | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | 2020-09-18 | not yet calculated | CVE-2020-25733 MISC MISC MISC |
webtareas — webtareas | webTareas through 2.1 allows files/Default/ Directory Listing. | 2020-09-18 | not yet calculated | CVE-2020-25734 MISC MISC MISC |
webtareas — webtareas | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | 2020-09-18 | not yet calculated | CVE-2020-25735 MISC MISC MISC |
wibu-systems — codemeter | Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. | 2020-09-16 | not yet calculated | CVE-2020-14517 MISC |
wibu-systems — codemeter | This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. | 2020-09-16 | not yet calculated | CVE-2020-14519 MISC |
wibu-systems — codemeter | CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. | 2020-09-16 | not yet calculated | CVE-2020-14513 MISC |
wibu-systems — codemeter | Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. | 2020-09-16 | not yet calculated | CVE-2020-14509 MISC |
wibu-systems — codemeter | CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. | 2020-09-16 | not yet calculated | CVE-2020-14515 MISC |
wildfly — wildfly | A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources. | 2020-09-16 | not yet calculated | CVE-2020-1748 MISC |
wildfly — wildfly | A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality. | 2020-09-16 | not yet calculated | CVE-2020-10718 MISC |
wildfly — wildfly | A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. All xerces jboss versions before 2.12.0.SP3. | 2020-09-17 | not yet calculated | CVE-2020-14338 MISC |
x.org — x.org | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | not yet calculated | CVE-2020-14345 MISC MISC UBUNTU UBUNTU |
xmlquery — xmlquery | xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. | 2020-09-16 | not yet calculated | CVE-2020-25614 MISC MISC |
yii — yii_2 | Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. | 2020-09-15 | not yet calculated | CVE-2020-15148 MISC CONFIRM |
yworks — yed_desktop | yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | 2020-09-17 | not yet calculated | CVE-2020-25216 MISC |
yworks — yed_desktop | yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | 2020-09-17 | not yet calculated | CVE-2020-25215 MISC |
zoneminder — zoneminder | ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | 2020-09-17 | not yet calculated | CVE-2020-25729 MISC MISC MISC |