Vulnerability Summary for the Week of September 28, 2020

Original release date: October 5, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cpanel — cpanel cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). 2020-09-25 7.5 CVE-2020-26108
MISC
cpanel — cpanel chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). 2020-09-25 7.5 CVE-2020-26100
MISC
cpanel — cpanel cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). 2020-09-25 7.5 CVE-2020-26098
MISC
foxitsoftware — foxit_reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). 2020-10-02 7.5 CVE-2020-26539
MISC
foxitsoftware — foxit_reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. 2020-10-02 7.5 CVE-2020-26537
MISC
foxitsoftware — foxit_reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). 2020-10-02 7.5 CVE-2020-26535
MISC
foxitsoftware — foxit_reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. 2020-10-02 7.5 CVE-2020-26534
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens. 2020-09-30 7.5 CVE-2020-13296
CONFIRM
MISC
MISC
hoosk — hoosk An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php. 2020-09-30 7.5 CVE-2020-26042
MISC
hoosk — hoosk An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in install/index.php. 2020-09-30 7.5 CVE-2020-26041
MISC
metinfo — metinfo An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. 2020-09-30 7.5 CVE-2020-20800
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php. 2020-09-25 7.5 CVE-2020-25147
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php. 2020-09-25 7.5 CVE-2020-25132
MISC
pexip — infinity Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). 2020-09-25 7.8 CVE-2018-10432
CONFIRM
MISC
pexip — pexip_infinity Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. 2020-09-25 9.3 CVE-2020-11805
CONFIRM
pexip — pexip_infinity Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. 2020-09-25 9 CVE-2019-7177
MISC
CONFIRM
pexip — pexip_infinity Pexip Infinity before 18 allows remote Denial of Service (XML parsing). 2020-09-25 7.8 CVE-2018-10585
CONFIRM
MISC
pexip — pexip_infinity Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. 2020-09-25 9 CVE-2019-7178
MISC
CONFIRM
rainbowfishsoftware — pacsone_server RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. 2020-09-30 7.5 CVE-2020-12870
MISC
MISC
teltonika-networks — trb245_firmware Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. 2020-10-01 8.5 CVE-2020-5788
MISC
teltonika-networks — trb245_firmware Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. 2020-10-01 8.5 CVE-2020-5787
MISC
tensorflow — tensorflow In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there is no possible workaround and users are advised to upgrade to patched code. 2020-09-25 7.5 CVE-2020-15212
MISC
MISC
CONFIRM
tensorflow — tensorflow In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 7.5 CVE-2020-15208
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 7.5 CVE-2020-15205
MISC
MISC
CONFIRM
zohocorp — manageengine_applications_manager The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. 2020-09-25 7.5 CVE-2020-15394
MISC
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cpanel — cpanel In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). 2020-09-25 5 CVE-2020-26102
MISC
cpanel — cpanel cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). 2020-09-25 4.3 CVE-2020-26110
MISC
cpanel — cpanel cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). 2020-09-25 5 CVE-2020-26109
MISC
cpanel — cpanel cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). 2020-09-25 5 CVE-2020-26107
MISC
cpanel — cpanel cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). 2020-09-25 5 CVE-2020-26106
MISC
cpanel — cpanel In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). 2020-09-25 5 CVE-2020-26105
MISC
cpanel — cpanel In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). 2020-09-25 5 CVE-2020-26104
MISC
cpanel — cpanel cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). 2020-09-25 4.3 CVE-2020-26111
MISC
cpanel — cpanel cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). 2020-09-25 4.3 CVE-2020-26113
MISC
cpanel — cpanel In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). 2020-09-25 5 CVE-2020-26103
MISC
cpanel — cpanel In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). 2020-09-25 5 CVE-2020-26101
MISC
cpanel — cpanel cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). 2020-09-25 5 CVE-2020-26099
MISC
cpanel — cpanel The email quota cache in cPanel before 90.0.10 allows overwriting of files. 2020-09-25 5 CVE-2020-26112
MISC
foxitsoftware — foxit_reader An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur. 2020-10-02 5 CVE-2020-26540
MISC
foxitsoftware — foxit_reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document. 2020-10-02 4.3 CVE-2020-26536
MISC
froala — froala_editor Froala Editor before 3.2.2 allows XSS via pasted content. 2020-10-02 4.3 CVE-2020-26523
MISC
ge — s2020_firmware The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. 2020-09-25 4.3 CVE-2020-16242
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. 2020-09-30 6.5 CVE-2020-13321
CONFIRM
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. 2020-09-30 6.5 CVE-2020-13322
CONFIRM
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service. 2020-09-30 5.5 CVE-2020-13325
CONFIRM
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos. 2020-09-30 4.3 CVE-2020-13323
CONFIRM
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. 2020-09-30 4.3 CVE-2020-13324
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. 2020-09-30 4 CVE-2020-13319
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. 2020-09-30 4 CVE-2020-13320
CONFIRM
MISC
hoosk — hoosk An issue was discovered in Hoosk CMS v1.8.0. There is an XSS vulnerability in install/index.php. 2020-09-30 4.3 CVE-2020-26043
MISC
ibm — business_automation_workflow IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. 2020-09-25 5 CVE-2020-4531
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. 2020-09-25 4.3 CVE-2020-4727
XF
CONFIRM
ibm — security_verify_privilege_vault_remote_on-premises IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. 2020-09-29 4.6 CVE-2020-4607
XF
CONFIRM
jdownloads — jdownloads SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. 2020-09-25 5 CVE-2020-19455
MISC
jdownloads — jdownloads SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. 2020-09-25 5 CVE-2020-19450
MISC
jdownloads — jdownloads SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. 2020-09-25 5 CVE-2020-19451
MISC
linux — linux_kernel The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. 2020-10-02 6.9 CVE-2020-26541
MISC
mitel — micloud_management_portal Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. 2020-09-25 5 CVE-2020-24592
MISC
CONFIRM
mitel — micloud_management_portal Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. 2020-09-25 6.8 CVE-2020-24594
MISC
CONFIRM
mitel — micloud_management_portal Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. 2020-09-25 5 CVE-2020-24595
MISC
CONFIRM
mitel — micloud_management_portal Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. 2020-09-25 6.5 CVE-2020-24593
MISC
CONFIRM
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. 2020-10-01 6.8 CVE-2020-15673
MISC
MISC
MISC
MISC
mozilla — firefox Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. 2020-10-01 4.3 CVE-2020-15676
MISC
MISC
MISC
MISC
mozilla — firefox A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. 2020-10-01 4.3 CVE-2020-15668
MISC
MISC
MISC
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. 2020-10-01 6.8 CVE-2020-15670
MISC
MISC
MISC
MISC
MISC
mozilla — firefox By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. 2020-10-01 5.8 CVE-2020-15677
MISC
MISC
MISC
MISC
mozilla — firefox When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. 2020-10-01 6.8 CVE-2020-15675
MISC
MISC
mozilla — firefox When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. 2020-10-01 6.8 CVE-2020-15678
MISC
MISC
MISC
MISC
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. 2020-10-01 6.8 CVE-2020-15674
MISC
MISC
mozilla — firefox_esr When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. 2020-10-01 6.8 CVE-2020-15669
MISC
MISC
MISC
ng-packagr_project — ng-packagr The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option. 2020-09-25 6.5 CVE-2020-7735
CONFIRM
CONFIRM
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. 2020-09-25 6.5 CVE-2020-25136
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI. 2020-09-25 4.3 CVE-2020-25131
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php. 2020-09-25 6.5 CVE-2020-25143
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI. 2020-09-25 4.3 CVE-2020-25135
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. 2020-09-25 6.5 CVE-2020-25144
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. 2020-09-25 6.5 CVE-2020-25145
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. 2020-09-25 6.5 CVE-2020-25149
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field. 2020-09-25 4 CVE-2020-25130
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. 2020-09-25 4.3 CVE-2020-25139
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. 2020-09-25 6.5 CVE-2020-25133
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. 2020-09-25 4.3 CVE-2020-25140
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. 2020-09-25 4.3 CVE-2020-25137
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. 2020-09-25 4.3 CVE-2020-25138
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. 2020-09-25 6.5 CVE-2020-25134
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. 2020-09-25 4.3 CVE-2020-25141
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI. 2020-09-25 4.3 CVE-2020-25142
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. 2020-09-25 4.3 CVE-2020-25146
MISC
observium — observium An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php. 2020-09-25 4.3 CVE-2020-25148
MISC
pexip — pexip_infinity Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. 2020-09-25 5 CVE-2020-24615
CONFIRM
MISC
pexip — pexip_infinity Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. 2020-09-25 5 CVE-2020-13387
CONFIRM
MISC
pexip — pexip_infinity Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. 2020-09-25 5 CVE-2020-12824
CONFIRM
MISC
pexip — pexip_infinity Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. 2020-09-25 4.3 CVE-2017-17477
CONFIRM
CONFIRM
qemu — qemu QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. 2020-09-25 4.4 CVE-2020-25085
CONFIRM
MISC
MISC
qemu — qemu hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. 2020-09-25 4.7 CVE-2020-25625
CONFIRM
MISC
rainbowfishsoftware — pacsone_server RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. 2020-09-30 6.5 CVE-2020-12715
MISC
MISC
redhat — pagure Pagure before 5.6 allows XSS via the templates/blame.html blame view. 2020-09-25 4.3 CVE-2019-11556
CONFIRM
CONFIRM
MISC
teltonika-networks — trb245_firmware Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. 2020-10-01 4 CVE-2020-5789
MISC
teltonika-networks — trb245_firmware Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. 2020-10-01 6.8 CVE-2020-5786
MISC
teltonika-networks — trb245_firmware Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. 2020-10-01 4 CVE-2020-5784
MISC
teltonika-networks — trb245_firmware Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. 2020-10-01 4.3 CVE-2020-5785
MISC
tensorflow — tensorflow In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. 2020-09-25 5 CVE-2020-15191
MISC
MISC
CONFIRM
tensorflow — tensorflow In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 4.3 CVE-2020-15209
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. 2020-09-25 4.3 CVE-2020-15200
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If a user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. 2020-09-25 4.3 CVE-2020-15199
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 6.5 CVE-2020-15195
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don’t validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count implementations, weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. 2020-09-25 6.5 CVE-2020-15196
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. 2020-09-25 6.8 CVE-2020-15201
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault. The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 5 CVE-2020-15190
MISC
MISC
CONFIRM
tensorflow — tensorflow In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since the code uses the last element of the tensor holding the segment ids to determine the dimensionality of the output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there is no possible workaround and users are advised to upgrade to patched code. 2020-09-25 4.3 CVE-2020-15213
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. 2020-09-25 5.8 CVE-2020-15198
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow’s `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installations. Fixes were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 5 CVE-2020-15206
MISC
MISC
CONFIRM
tensorflow — tensorflow In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference. In the linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since the code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 5 CVE-2020-15204
MISC
MISC
CONFIRM
tensorflow — tensorflow In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out of bounds / segmentation fault if the segment ids are not sorted. The code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of the output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there is no possible workaround and users are advised to upgrade to patched code. 2020-09-25 6.8 CVE-2020-15214
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format string used in a `printf` call is constructed. This may result in a segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 5 CVE-2020-15203
MISC
MISC
CONFIRM
tensorflow — tensorflow In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python’s indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds, which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 6.8 CVE-2020-15207
MISC
MISC
CONFIRM
tensorflow — tensorflow In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 6.8 CVE-2020-15202
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don’t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is error-prone, we advise upgrading to the patched code. 2020-09-25 5.8 CVE-2020-15211
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. 2020-09-25 5.8 CVE-2020-15210
MISC
MISC
CONFIRM
trendmicro — apex_one A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. 2020-09-29 6.8 CVE-2020-25773
N/A
N/A
zohocorp — manageengine_applications_manager Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS). 2020-09-25 4.3 CVE-2020-15521
MISC
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cmsmadesimple — cms_made_simple CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. 2020-09-30 3.5 CVE-2020-22842
MISC
dpdk — data_plane_development_kit An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. 2020-09-30 2.1 CVE-2020-14378
SUSE
SUSE
MISC
UBUNTU
MISC
gitlab — gitlab A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. 2020-09-30 3.5 CVE-2020-13326
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. 2020-09-30 3.5 CVE-2020-13328
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature. 2020-09-30 3.5 CVE-2020-13329
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the import Bitbucket project feature. 2020-09-30 3.5 CVE-2020-13330
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages. 2020-09-30 3.5 CVE-2020-13331
CONFIRM
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. 2020-09-30 2.1 CVE-2020-4629
XF
CONFIRM
mitel — micontact_center_business The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. 2020-09-25 3.6 CVE-2020-24692
MISC
CONFIRM
mozilla — firefox When typing in a password under certain conditions, a race may have occurred where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80. 2020-10-01 2.6 CVE-2020-15671
MISC
MISC
qemu — qemu QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. 2020-09-25 2.1 CVE-2020-25084
CONFIRM
MISC
rainbowfishsoftware — pacsone_server RainbowFish PacsOne Server 6.8.4 allows XSS. 2020-09-30 3.5 CVE-2020-12869
MISC
MISC
tensorflow — tensorflow In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. 2020-09-25 3.5 CVE-2020-15197
MISC
MISC
CONFIRM
trendmicro — apex_one An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected by this vulnerability make it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. 2020-09-29 2.1 CVE-2020-24564
N/A
N/A
trendmicro — apex_one An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected by this vulnerability make it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. 2020-09-29 2.1 CVE-2020-24565
N/A
N/A
trendmicro — apex_one An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected by this vulnerability make it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. 2020-09-29 2.1 CVE-2020-25770
N/A
N/A
trendmicro — apex_one An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected by this vulnerability make it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. 2020-09-29 2.1 CVE-2020-25771
N/A
N/A
trendmicro — apex_one An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected by this vulnerability make it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. 2020-09-29 2.1 CVE-2020-25772
N/A
N/A


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
tigervnc — tigervnc In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. 2020-09-27 not yet calculated CVE-2020-26117
MISC
MISC
MISC
MISC
MISC
MISC
anixis — password_reset_client The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. 2020-09-30 not yet calculated CVE-2018-5354
MISC
MISC
apache — ant As mitigation for CVE-2020-1945, Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately, the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. 2020-10-01 not yet calculated CVE-2020-11979
MISC
apache — hadoop In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. 2020-09-30 not yet calculated CVE-2018-11765
MISC
apache — nifi In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. 2020-10-01 not yet calculated CVE-2020-9487
MISC
apache — nifi In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. 2020-10-01 not yet calculated CVE-2020-9486
MISC
apache — nifi In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). 2020-10-01 not yet calculated CVE-2020-13940
MISC
apache — nifi In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. 2020-10-01 not yet calculated CVE-2020-9491
MISC
apache — openmeetings Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize a denial of service attack. 2020-09-30 not yet calculated CVE-2020-13951
MISC
apache — superset In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2. 2020-09-30 not yet calculated CVE-2020-13952
MISC
apache — tapestry In Apache Tapestry from 5.4.0 to 5.5.0, by crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. 2020-09-30 not yet calculated CVE-2020-13953
MISC
artica — pandora_fms Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. 2020-10-02 not yet calculated CVE-2020-26518
MISC
artifex — mupdf fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap size calculation. 2020-10-02 not yet calculated CVE-2020-26519
MISC
MISC
atheros — multiple_devices A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. 2020-09-30 not yet calculated CVE-2019-18991
MISC
atlassian — atlaskit/editor-core The hyperlinks functionality in atlaskit/editor-core before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets. 2020-10-01 not yet calculated CVE-2019-20903
MISC
MISC
MISC
atlassian — crowd Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1. 2020-10-01 not yet calculated CVE-2019-20902
MISC
august — connect_wi-fi_bridge_app Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. 2020-09-30 not yet calculated CVE-2019-17098
CONFIRM
bigbluebutton — greenlight BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. 2020-09-30 not yet calculated CVE-2020-26163
MISC
MISC
MISC
bitdefender — bitdefender_engines An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448. 2020-09-30 not yet calculated CVE-2020-15731
CONFIRM
bitdefender — engines A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions. 2020-10-01 not yet calculated CVE-2020-8109
CONFIRM
bitdefender — engines A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions. 2020-10-02 not yet calculated CVE-2020-8110
MISC
bludit — bludit Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. 2020-10-02 not yet calculated CVE-2020-18190
MISC
bootstrap-select — bootstrap-select bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim’s browser. 2020-09-30 not yet calculated CVE-2019-20921
MISC
MISC
MISC
MISC
bosh — system_metrics_server BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). 2020-10-02 not yet calculated CVE-2020-5422
CONFIRM
cloudflared — cloudflared `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. 2020-10-02 not yet calculated CVE-2020-24356
CONFIRM
cmsmadesimple — cms_made_simple CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. 2020-10-01 not yet calculated CVE-2020-24860
MISC
MISC
MISC
MISC
codelathe — firecloud CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. 2020-10-02 not yet calculated CVE-2020-26524
MISC
MISC
damstra — smart_asset Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. 2020-10-02 not yet calculated CVE-2020-26525
MISC
MISC
MISC
damstra — smart_asset An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary ‘Origin: example.com’ header and responding with 200 OK and a wildcard ‘Access-Control-Allow-Origin: *’ header. 2020-10-02 not yet calculated CVE-2020-26527
MISC
MISC
MISC
damstra — smart_asset An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid (“Unable to find an APIDomain” versus “Wrong email or password”). 2020-10-02 not yet calculated CVE-2020-26526
MISC
MISC
MISC
dell — xps_13_9370_bios Dell XPS 13 9370 BIOS versions prior to 1.13.1 contain an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. 2020-10-01 not yet calculated CVE-2020-5387
CONFIRM
django — rest_framework A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. 2020-09-30 not yet calculated CVE-2020-25626
MISC
dpdk — dpdk A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-30 not yet calculated CVE-2020-14376
SUSE
SUSE
MISC
UBUNTU
MISC
dpdk — dpdk A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-30 not yet calculated CVE-2020-14375
SUSE
SUSE
MISC
UBUNTU
MISC
dpdk — dpdk A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. 2020-09-30 not yet calculated CVE-2020-14377
SUSE
SUSE
MISC
UBUNTU
MISC
dpdk — dpdk A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-30 not yet calculated CVE-2020-14374
SUSE
SUSE
MISC
MISC
eaton — 9000x_programming_and_configuration_software A DLL Hijacking vulnerability in Eaton’s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL. 2020-09-30 not yet calculated CVE-2020-6654
CONFIRM
envoy_proxy — envoy
 
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. 2020-10-01 not yet calculated CVE-2020-25018
MISC
MISC
envoy_proxy — envoy
 
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurrences of a non-inline header. 2020-10-01 not yet calculated CVE-2020-25017
MISC
MISC
erlang — otp
 
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. 2020-10-02 not yet calculated CVE-2020-25623
CONFIRM
CONFIRM
MISC
fatek_automation — plc_winproladder
 
In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code. 2020-09-30 not yet calculated CVE-2020-16234
MISC
foxit — reader_and_phantompdf
 
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. 2020-10-02 not yet calculated CVE-2020-26538
MISC
frontaccounting — frontaccounting
 
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty a folder via admin/inst_lang.php. 2020-09-30 not yet calculated CVE-2020-21244
MISC
fusionauth — fusionauth-samlv2
 
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a “Signature exclusion attack”. 2020-10-02 not yet calculated CVE-2020-12676
MISC
FULLDISC
MISC
MISC
MISC
getsimple — getsimple_cms
 
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php. 2020-10-02 not yet calculated CVE-2020-18191
MISC
getsimple — getsimple_cms
 
GetSimple CMS 3.3.16 allows persistent Cross Site Scripting via the ‘permalink’ parameter on the Settings page; the payload is executed when a new page is created and opened. 2020-10-01 not yet calculated CVE-2020-24861
MISC
MISC
MISC
github — actions/core
 
In the `@actions/core` npm module before version 1.2.6, `addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified without the intention of the workflow or action author. The runner will release an update that disables the `set-env` and `add-path` workflow commands in the near future. For now, users should upgrade to `@actions/core v1.2.6` or later, and replace any instance of the `set-env` or `add-path` commands in their workflows with the new Environment File Syntax. Workflows and actions using the old commands or older versions of the toolkit will start to warn, then error out during workflow execution. 2020-10-01 not yet calculated CVE-2020-15228
CONFIRM
gitlab — gitlab
 
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. 2020-10-02 not yet calculated CVE-2020-13338
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. 2020-10-02 not yet calculated CVE-2020-13337
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. 2020-09-30 not yet calculated CVE-2020-13336
CONFIRM
MISC
google — apple_encounter_notification
 
An issue was discovered in the GAEN (aka Google Apple Encounter Notification) protocol through 2020-08-27, as used in Corona applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an encounter notification. 2020-09-30 not yet calculated CVE-2020-24721
MISC
MISC
MISC
FULLDISC
goxmldsig — goxmldsig
 
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available; all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0. 2020-09-29 not yet calculated CVE-2020-15216
MISC
CONFIRM
MISC
halo — halo
 
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend allows the attacker to overwrite files such as .ftl files or the .bashrc file in the user directory, and finally obtain the permissions of the operating system. 2020-09-30 not yet calculated CVE-2020-21522
MISC
halo — halo
 
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. 2020-09-30 not yet calculated CVE-2020-21526
MISC
halo — halo
 
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. 2020-09-30 not yet calculated CVE-2020-21525
MISC
halo — halo
 
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. 2020-09-30 not yet calculated CVE-2020-21527
MISC
halo — halo
 
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the background (/api/admin/migrations/wordpress) parses an XML file but applies no defense against external entities. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc. exp: https://github.com/halo-dev/halo/issues/423 2020-09-30 not yet calculated CVE-2020-21524
MISC
halo — halo
 
A Server-Side Freemarker template injection vulnerability exists in halo CMS v1.1.3 in the Edit Theme File function. The .ftl file (the Freemarker template file) can be edited, and this file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")} 2020-09-30 not yet calculated CVE-2020-21523
MISC
handlebars — handlebars
 
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. 2020-09-30 not yet calculated CVE-2019-20922
MISC
MISC
MISC
handlebars — handlebars
 
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS). 2020-09-30 not yet calculated CVE-2019-20920
MISC
MISC
MISC
harbor — harbor
 
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. 2020-09-30 not yet calculated CVE-2020-13794
MISC
MISC
MISC
hashicorp — vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control. 2020-09-30 not yet calculated CVE-2020-25816
CONFIRM
MISC
hcl — digital_experience
 
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. 2020-10-01 not yet calculated CVE-2020-14223
MISC
hewlett_packard_enterprise — ip_console_switches
 
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. 2020-10-02 not yet calculated CVE-2020-24628
MISC
hewlett_packard_enterprise — ip_console_switches
 
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. 2020-10-02 not yet calculated CVE-2020-24627
MISC
hfish — hfish
 
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information. 2020-09-30 not yet calculated CVE-2020-22481
MISC
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. 2020-10-01 not yet calculated CVE-2020-4576
XF
CONFIRM
istio — istio
 
In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. 2020-10-01 not yet calculated CVE-2020-16844
MISC
CONFIRM
jwt-go — jwt-go
 
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. 2020-09-30 not yet calculated CVE-2020-26160
MISC
MISC
lansweeper — lansweeper
 
In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. 2020-09-30 not yet calculated CVE-2020-13658
MISC
MISC
leanote — desktop
 
Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. 2020-09-30 not yet calculated CVE-2020-26158
MISC
leanote — desktop
 
Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled during syncing. This leads to remote code execution because of Node integration. 2020-09-30 not yet calculated CVE-2020-26157
MISC
libproxy — libproxy
 
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. 2020-09-30 not yet calculated CVE-2020-26154
MISC
MISC
FEDORA
live_helper_chat — live_helper_chat
 
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. 2020-10-02 not yet calculated CVE-2020-26134
MISC
MISC
MISC
live_helper_chat — live_helper_chat
 
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. 2020-10-02 not yet calculated CVE-2020-26135
MISC
MISC
MISC
logaritmo — aware_callmanager_2012
 
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. 2020-09-30 not yet calculated CVE-2020-26150
MISC
mantisbt — mantisbt
 
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php. 2020-09-30 not yet calculated CVE-2020-25830
MISC
MISC
mantisbt — mantisbt
 
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input’s pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. 2020-09-30 not yet calculated CVE-2020-25288
MISC
MISC
mantisbt — mantisbt
 
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. 2020-09-30 not yet calculated CVE-2020-25781
MISC
MISC
MISC
mapfish — mapfish-print
 
In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style. 2020-10-02 not yet calculated CVE-2020-15232
MISC
CONFIRM
mapfish — mapfish-print
 
In mapfish-print before version 3.24, a user can use the JSONP support to perform cross-site scripting. 2020-10-02 not yet calculated CVE-2020-15231
MISC
CONFIRM
mb_connect_line — mymbconnect24_and_mbconnect24
 
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information. 2020-09-30 not yet calculated CVE-2020-24569
CONFIRM
mb_connect_line — mymbconnect24_and_mbconnect24
 
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. 2020-10-02 not yet calculated CVE-2020-24568
CONFIRM
mb_connect_line — mymbconnect24_and_mbconnect24
 
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. 2020-09-30 not yet calculated CVE-2020-24570
CONFIRM
md4c — md4c
 
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. 2020-09-30 not yet calculated CVE-2020-26148
MISC
mediatek — mt7620n_devices
 
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. 2020-09-30 not yet calculated CVE-2019-18989
MISC
mediawiki — mediawiki
 
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki. 2020-09-27 not yet calculated CVE-2020-25869
CONFIRM
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn’t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) 2020-09-27 not yet calculated CVE-2020-25828
MISC
CONFIRM
MISC
mediawiki — mediawiki
 
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against “page creation” and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. 2020-09-27 not yet calculated CVE-2020-26121
MISC
MISC
MISC
mediawiki — mediawiki
 
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery’s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. 2020-09-27 not yet calculated CVE-2020-26120
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). 2020-09-27 not yet calculated CVE-2020-25815
MISC
CONFIRM
MISC
mediawiki — mediawiki
 
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. 2020-09-27 not yet calculated CVE-2020-25813
CONFIRM
MISC
MISC
mediawiki — mediawiki
 
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it’s empty, etc.). The actual result is that the object contains an <a href="javascript… that executes when clicked. 2020-09-27 not yet calculated CVE-2020-25814
CONFIRM
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. 2020-09-27 not yet calculated CVE-2020-25812
MISC
CONFIRM
MISC
mediawiki — mediawiki
 
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. 2020-09-27 not yet calculated CVE-2020-25827
CONFIRM
MISC
MISC
mozilla — firefox
 
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80. 2020-10-01 not yet calculated CVE-2020-15666
MISC
MISC
MISC
mozilla — firefox
 
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. 2020-10-01 not yet calculated CVE-2020-15667
MISC
MISC
mozilla — firefox
 
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. 2020-10-01 not yet calculated CVE-2020-15665
MISC
MISC
mozilla — multiple_products
 
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. 2020-10-01 not yet calculated CVE-2020-15664
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products
 
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. 2020-10-01 not yet calculated CVE-2020-15663
MISC
MISC
MISC
MISC
MISC
MISC
msi — ambientlink_mslo64_driver
 
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050, and 0x80102054). 2020-10-02 not yet calculated CVE-2020-17382
MISC
MISC
MISC
nacos — nacos
 
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail: https://github.com/alibaba/nacos/issues/2284) 2020-09-30 not yet calculated CVE-2020-19676
MISC
nats — nats.js
 
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. 2020-09-30 not yet calculated CVE-2020-26149
CONFIRM
MISC
MISC
nette — nette
 
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to a code injection attack via specially formed parameters passed in the URL, which may possibly lead to RCE. Nette is a PHP/Composer MVC Framework. 2020-10-01 not yet calculated CVE-2020-15227
CONFIRM
MISC
MISC
niushop — b2b2c_multi-business_basic_edition
 
In Niushop B2B2C Multi-business basic version V1.11, an attacker can bypass administrator authentication to reach the backend upload interface, then bypass the getimagesize check through the upload parameter, upload a PHP file, and obtain a shell. 2020-09-30 not yet calculated CVE-2020-19672
MISC
niushop — b2b2c_multi-business_basic_edition
 
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. 2020-09-30 not yet calculated CVE-2020-19670
MISC
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5989
CONFIRM
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5983
CONFIRM
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5984
CONFIRM
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5986
CONFIRM
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5987
CONFIRM
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5988
CONFIRM
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5985
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service. 2020-10-02 not yet calculated CVE-2020-5980
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution. 2020-10-02 not yet calculated CVE-2020-5981
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service. 2020-10-02 not yet calculated CVE-2020-5982
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges. 2020-10-02 not yet calculated CVE-2020-5979
CONFIRM
oniguruma — oniguruma
 
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c . 2020-09-30 not yet calculated CVE-2020-26159
MLIST
MISC
MISC
openmediavault — openmediavault
 
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. 2020-10-02 not yet calculated CVE-2020-26124
MISC
CONFIRM
ory — fosite
 
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that points to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1. 2020-10-02 not yet calculated CVE-2020-15233
MISC
CONFIRM
ory — fosite
 
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client’s registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint were compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback, then perform an OAuth2 flow requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request, for example). This vulnerability has been patched in ORY Fosite v0.34.1. 2020-10-02 not yet calculated CVE-2020-15234
MISC
CONFIRM
ozeki — ng_sms_gateway
 
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. 2020-09-30 not yet calculated CVE-2020-14030
MISC
MISC
php — php
 
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus allowing an attacker to forge a cookie which is supposed to be secure. See also CVE-2020-8184 for more information. 2020-10-02 not yet calculated CVE-2020-7070
MISC
MISC
MISC
FEDORA
php — php
 
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data. 2020-10-02 not yet calculated CVE-2020-7069
MISC
FEDORA
pluck — cms
 
An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. 2020-09-30 not yet calculated CVE-2020-21564
MISC
pluxxml — pluxxml
 
In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. 2020-10-02 not yet calculated CVE-2020-18184
MISC
pluxxml — pluxxml
 
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment. 2020-10-02 not yet calculated CVE-2020-18185
MISC
powerdns — authoritative
 
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. 2020-10-02 not yet calculated CVE-2020-24696
MISC
powerdns — authoritative
 
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. 2020-10-02 not yet calculated CVE-2020-24698
CONFIRM
powerdns — authoritative
 
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. 2020-10-02 not yet calculated CVE-2020-24697
CONFIRM
powerdns — authoritative_server An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. 2020-10-02 not yet calculated CVE-2020-17482
CONFIRM
MISC
pritunl — pritunl Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. 2020-10-01 not yet calculated CVE-2020-25200
MISC
MISC
MISC
projectworlds — visitor_management_system Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks, such as stealing cookies, sensitive information, etc. 2020-09-30 not yet calculated CVE-2020-25761
MISC
FULLDISC
MISC
projectworlds — visitor_management_system Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. 2020-09-30 not yet calculated CVE-2020-25760
MISC
FULLDISC
MISC
pulse_secure — pulse_connect_secure A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). 2020-09-30 not yet calculated CVE-2020-8238
MISC
pulse_secure — pulse_connect_secure A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file read access through Pulse Collaboration via an XML External Entity (XXE) vulnerability. 2020-09-30 not yet calculated CVE-2020-8256
MISC
pulse_secure — pulse_connect_secure A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template and achieve arbitrary code execution. 2020-09-30 not yet calculated CVE-2020-8243
MISC
python — python http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. 2020-09-27 not yet calculated CVE-2020-26116
MISC
MISC
qemu — qemu fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. 2020-10-02 not yet calculated CVE-2020-25741
CONFIRM
MISC
MISC
re:desk — re:desk Re:Desk 2.3 allows insecure file upload. 2020-09-30 not yet calculated CVE-2020-15488
MISC
MISC
re:desk — re:desk Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application’s database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework’s bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). 2020-09-30 not yet calculated CVE-2020-15849
MISC
MISC
re:desk — re:desk Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained. 2020-09-30 not yet calculated CVE-2020-15487
MISC
MISC
realtek — multiple_devices A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. 2020-09-30 not yet calculated CVE-2019-18990
MISC
reddoxx — maildepot_2032_sp2 REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. 2020-10-02 not yet calculated CVE-2019-19199
MISC
MISC
MISC
MISC
rittal — cmc_pu_iii_devices The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts), as the content is always displayed both before and after login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session. 2020-10-01 not yet calculated CVE-2019-19393
MISC
MISC
secudos — domos conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). 2020-10-02 not yet calculated CVE-2020-14293
MISC
MISC
MISC
MISC
MISC
secudos — qiata_fta An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. 2020-10-02 not yet calculated CVE-2020-14294
MISC
MISC
MISC
MISC
MISC
snyk — bmoor The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function. 2020-10-02 not yet calculated CVE-2020-7736
MISC
MISC
snyk — safetydance All versions of package safetydance are vulnerable to Prototype Pollution via the set function. 2020-10-02 not yet calculated CVE-2020-7737
MISC
snyk — shiba All versions of package shiba are vulnerable to Arbitrary Code Execution because they use the js-yaml load() function by default instead of its secure replacement, safeLoad(). 2020-10-02 not yet calculated CVE-2020-7738
CONFIRM
sonicwall — ssl-vpn_products A misconfiguration of SonicWall SSL-VPN products and the SonicWall firewall SSL-VPN feature can lead to a DNS flaw known as a domain name collision vulnerability. When users publicly display their organization's internal domain names on the SSL-VPN authentication page, an attacker with knowledge of those internal domain names can potentially take advantage of this vulnerability. 2020-09-30 not yet calculated CVE-2020-5132
CONFIRM
sourcecodester — seat_reservation_system An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login to bypass authentication, extract sensitive information, etc. 2020-09-30 not yet calculated CVE-2020-25762
MISC
FULLDISC
MISC
sourcecodester — seat_reservation_system Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows remote attackers to gain remote code execution (RCE) on the hosting web server by uploading PHP files. 2020-09-30 not yet calculated CVE-2020-25763
MISC
FULLDISC
MISC
sysaid — sysaid SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. 2020-10-02 not yet calculated CVE-2020-13168
MISC
MISC
trend_micro — antivirus_for_mac_2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2020-10-02 not yet calculated CVE-2020-25776
N/A
N/A
trend_micro — apex_one A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which could then be leveraged to gain privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. 2020-09-29 not yet calculated CVE-2020-24563
N/A
N/A
trend_micro — apex_one_servermigration_tool A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-09-29 not yet calculated CVE-2020-25774
N/A
N/A
trend_micro — office_scan_xg_sp1 A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which could then be leveraged to gain privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical, to CVE-2020-24556. 2020-09-29 not yet calculated CVE-2020-24562
N/A
N/A
trend_micro — security_2020 The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a race-condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. 2020-09-29 not yet calculated CVE-2020-25775
N/A
N/A
unisys — stealth Unisys Stealth(core) before 4.0.132 stores passwords in a recoverable format. 2020-10-01 not yet calculated CVE-2020-24620
CONFIRM
MISC
urllib3 — urllib3 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. 2020-09-30 not yet calculated CVE-2020-26137
MISC
MISC
MISC
vapor — vapor Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4. 2020-10-02 not yet calculated CVE-2020-15230
MISC
MISC
CONFIRM
wago — multiple_products Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions. 2020-09-30 not yet calculated CVE-2020-12506
CONFIRM
wago — multiple_products Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions. 2020-09-30 not yet calculated CVE-2020-12505
CONFIRM
wavlink — wn530h4_router A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. 2020-10-02 not yet calculated CVE-2020-12125
MISC
MISC
wavlink — wn530h4_router A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. 2020-10-02 not yet calculated CVE-2020-12124
MISC
MISC
wavlink — wn530h4_router CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work. 2020-10-02 not yet calculated CVE-2020-12123
MISC
MISC
wavlink — wn530h4_router Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. 2020-10-02 not yet calculated CVE-2020-12126
MISC
MISC
wavlink — wn530h4_router An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. 2020-10-02 not yet calculated CVE-2020-12127
MISC
MISC
websitebaker — websitebaker WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 2020-10-01 not yet calculated CVE-2020-25990
MISC
MISC
wordpress — wordpress The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. 2020-10-02 not yet calculated CVE-2020-26511
MISC
MISC
MISC
zoho — application_control_plus An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (used to configure the elements included in the scope managed by the product) allows an attacker to retrieve the entire list of IP ranges and subnets configured in the product and consequently obtain information about the topology of the internal networks to which the product has access. 2020-09-30 not yet calculated CVE-2020-15595
MISC
zoho — application_control_plus An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. 2020-09-30 not yet calculated CVE-2020-15594
MISC
zoho — manageengine_desktop_central An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. 2020-10-02 not yet calculated CVE-2020-24397
MISC
CONFIRM
zoho — manageengine_adselfservice_plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required. 2020-09-30 not yet calculated CVE-2018-5353
MISC
MISC
MISC
zoho — manageengine_application_manager In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to an unauthenticated SQL injection attack. 2020-10-01 not yet calculated CVE-2020-15533
MISC
CONFIRM
CONFIRM
zoho — manageengine_desktop_central A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution. 2020-10-02 not yet calculated CVE-2020-15589
MISC
CONFIRM